Massachusetts InshtoLe of Techno.pgy 
Artificial Intoll Rente Laboratory 
Can-bridge, Massathuss tls 

A.L Mot* 36S 

May 197 6 revised August L5/6 


A System For UndersLanding Mathematical FORTRAN Programs 

by 

Richard CL W-tpr; 


ABSTRACT 

This paper- proposes a system which, when imciemenled, will be able to understand 
mathematical FORTRAN programs such as those n Ihe EBM Scientific Subroutine 
Package. The syslem lakes, as input, a program and snnclahon of Ihe pro&rartt. [n 
ordor 10 ur^Jersland the program, the system develops a "plan" for it. The "plan" 
species the purpose oF each feature of the program, and haw these features 
cooperate in order to ereale Ihe hchivipr cvhibiled by Ihe program. The system 
can use its understanding of the program to answer questions aboul it including 
questions. aboul the ramifications oT a proposed n-odilit»lion, ft is a so able to aid 
ip debugging the program by detect mg errors in if, and by totaling th* feature; oi 
the program which are responsible lor t'rOr, The system should be of 
significant assistance Id a person who s writing a program, 


This repOri deser bes research cone at Ihe Artificial tntellgcnce Laboratory of the Massachusetts 
[institute of Technology, Support Sir lira Laooratory’s art fi-cia intelligence research is prov-oed in 
part by the Advanced Research Propel Agency ot the DEpadmenl of defense under Office Ql Naval 
Scsesrch cdnlracl N8S014-75-0-3643. 


I 


ACKNOAtt.EDGh*iVTa 


[ Mold 0>,|,c U lir|y til,, [<, Jdimwlftj,,, sssist ,„ ce #f £ ffi{h ^ . . 

1 — ■*'» «"* <*■' A 


Richard C. Waters 


£i 


contents 


t. A PROGRAM UNDERSTANDING SYSTEM 

1 1 BRIEFLY, WHAT 1H£ SYSTEM DDES 

LU ANSWERING QUESTIONS ABOUT A PROGRAM, 

U-^ DETECTING INCONSISTENCES IN Tk; PROGRAM ANO tTS DESCRIPTION 

]4,Q AIDING IN THE DETECTION AND UNDERSTANDING CF DUOS 

3-1.4 INVESTIGATING THE RAMIFICATIONS CF A MODIFICATION 

3-2 BRIEFLY, HOW THE SYSTEM WORKS 

I..Z1 TH£ STRUCTURES WHICH DESCRIBE A PROGRAM 

12.2 HOW THE SYSTEM USES THE DESCRIPTIVE STRUCTURES 
1.2.3 HOW THE DESCRIPTIVE STRUCTURES ARE BUILT UP 

1- 3 WHY THE SYSTEM IS VALUABLE 

I. A RELATIONSHIP TO OTHER WOR-C 

J, 4l OTHER APPROACHES TO THE SAME GOAL 

3.4 3,1 GENERAL PURPOSE H] 3H LEVEL LANGUAGES 

34.1.2 S PtCIAL PURPOSE SYS TEMS 

3.4 ] .3 US3 NG GOOD PROGRAMMING STYLE 
3 .41 .A AUTOMATIC PRO GRAMM I NO 

2 41.5 AUTOMATIC VERIFICATION 

2- 4 L -& PROGRAMS] NG ASS IS I ANT SYSTEMS 

[-41-7 PROGRAM UNDERSTANDING 

t-42 SIMILAR APPROACHES 

1.42. | SUSSMAN 

1.42.2 GOLDSTEIN 

1.42.3 RUTH 

1.424 BROWN 

1,42,5 GERHART 

3- 42,$ HEWITT tntf SMITH 

3-42-7 GREEN ard RAfiSTOW 

3-42.3 RICH and SHR03E 

I. 42.9 IBM 

II. THE TASKS THE SYSTEM CAN PERFORM 

IU ANSWERING QUESTIONS ABOUT A PROGRAM 

IU -1 REOUE STS FOR OESCRIPTJCN, "WHAT" 

11.1.2 REQUESTS FOR EXPLANATION. "HCW’ 

11.1.3 REQUESTS for PURPCSEk "WHY" 

33-3 4 REQUESTS FOR JUSTIFICATION "WHY" 

iI-2 AIDING THE DEBUGGING PROCESS 

II.2L1 FINDING BUGS STATICALLY 

IL 2.2 FJMD | NG BUGS DYNA MIC ALLY 

H.3 UNDERSTANDING MODIFICATIONS 


1 

I 

I 

1 

1 

2 

2 

2 

2 

3 

3 

3 

4 

A 

A 

5 

5 

& 

& 

7 

7 

8 

8 

9 

9 

ID 

10 

IB 

u 

1 1 

12 

14 

14 

15 

16 

17 

IS 

13 

22 

22 


Richard C. Wafers. 


Ill 


:tt. 

m.i 

1 IJ 4 . 1.1 
IIU -2 
III. 1.24 
nu.2.2 
IILl-3 
I 11 .IJ 3.1 

11145.2 

in. 1.3^ 
III. 1 , 3.4 
Ill. 15.5 
I]]. 1 . 3 .$ 


EH,2 
III. £4 
J 11 . 2 .U 
121-2,1,2 
III 5-2 


HOW the system works 
DECOMPOSITION OF A PROGRAM 
SEGMENTS 


A SMALL EXAMPLE 
CONNECTIVE TISSUE 

CAT* flow connective tissue 

CONTROL FLOW CONNECTIVE TISSUE 
PROGRAM TRANSFORMATIONS 
REARRANGEMENT 
substitution 

FACTORING JN SPACE 
factoring in time 


MOVING COMPUTATION BETWEEN THE CEDE AVO THE FLOW OF fflfffflll 
moving COMPUTAtjov between the CODE and Xi data 


Tie STRUCTURES used to DESCRIBE a segment 
BEHAVIORAL descriptions 

POINTS O c VltVJ 


RELATING BEHAVIORAL DESCRIPTIONS 
PLANS 


112.3 
11 L 3.1 
1115 - 1.1 
111.35 
111 . 3.34 
1115 . 2 .2 

L [ 1 . 3.3 

111 . 35.1 
III-3.4 
1115 . 4 . | 

1115 . 4.2 
HI, 3.45 
1115 , 4.4 


the basic plan ^pes 

the GOAL DECOMPOSITION METHOD "AND“ 

The PLAN TYPE "ANlT 

Thr GOAL DECOMPOSITION METHOD ’XO?' 1 

THE PLAN TYPE TCASc kor- 

THE PLAN type -cond xgp h 

ThE GCAL DECOMPOSITION METHOD "COM 11 " 

THE PLAN TYPE "OOMP" 

LOOPS 

THE PLAN TYPE "LOOP" 

TnE P t AN TYPE "ENUMERATION LOOP" 

THE PLAN TYPE "AUGMENTED LOOP" 

THE PLAN TYPE "INTERLEAVED LOOP" 


Jf{■ J . DET£ PW] OEESCRI ptjou of A PROGRAM 

1II-4. | CONTROL FLOW 

II 3.4.5 SEGMENTATION 

111.4.6 PLANS 

111.4.7 behavioral descriptions 

1U.4.& THE GRAND PLAN FOR CQNVT 

J 13.45 TRANSFORMATIONS 


contents 


34 

24 

24 

24 

25 
25 

25 

26 
2$ 
2 6 
27 
27 
2S 
25 

30 

30 
3# 

31 

32 

36 

36 

36 

37 
37 

33 
59 
39 
43 

43 

44 

45 
4G 

4B 

50 

5 ? 

57 

57 

58 
61 


Richard C. Wale'S 


l 


i. A PROGRAM UNDERSTATING SYSTEM 


]. A PROGRAM UNDERSTANDING SV$;TEM. 

hs research project iJ concerned with designing anc mple[ranting a program undor&tar.d.ng 
System. T-nis section briskly case rides what the propOsEd syalem does, now il does it, and why it is 
wfcrlh doing. Sections 1. pnd tit spec fy, in greater del a I, what ihe syjlem does ana hew it does it. 
This paper speaks of trie program understand.ng system in the present tense, However, il should be 
noled 1 ha! the sysl rm has not hoc n .mpiemenled yel. 

1.1 BRIEFLY, WHAT THE SYSTEM DDES 

The system understands malhcmaTcal FORTRAN programs, II does not attempt io urujfrjtahd 
me mathematics embodied n a program, but Only Ihe programming, A nalhemalical program can bo 
considered as tne implementation of a theorem. The Sy Starr, does not fry to understand the t Into rum 
If just believes What it does do., is to understand how the program implements the theorem. 

Mathematical FORTRAN programs were chosen as the domain oecause Ihey are e 
sir eight for ward lype of pro E ?am. Tr^y are real programs th-al use only a small subset o! possible 
Programming techniques. In particular, ihey use only simple dal a types (numbers, arr*yt, funeliQn&h 
simple- control structure- (no recursion, no asynchrony}, stalk varjjbUs and no I/O- Furthermore, in 
the iBM S'SP subroutine library, there a'e a large number of reasonably structured real programs to 
serve as experimentgl dafa for the system. These programs are a good test of a program 
understanding sysla™, because they were not specifically written to he understood by such a system, 
The system demonstrates its understanding of a program through its ability So perFocm several tasks 
which require understanding, 

1.1.1 ANSWERING QUESTIONS ABOUT A PROGRAM 

The system 15 ab‘e to answer questions sbouf a orogram if understands, such isj 

eF What is this pari &F the program? 

b) Wna! does this oarl do? 

c) Wtiy 1$ this part here? 

d) What i? [hie Fund ion of this part? 

eJ How does this oarl so ■what il does? 

F3 What pari achieves this goal? 

In other words, il fa able to explain a program, To imparl il 5 understand!^ &f il Id another. 

3.1-2 DETECTING INCONSISTENCES TN THE PROGRAM AM) US &ESCPIPNON 

Trie system does not attempl Io prove tbe correctness et a program^ However, it is able to 
■doled simple inconsistences in its understanding of a program. If can detect a variety of problems 
■wher® it can be simpiy shown that a segment O' a program c*n not poss*hly achieve thp results 
reouesfed Of it. The system's deductive Spparalus consists largely Of pattern matching, *ir.d trial by 
example. This allows it to prove many *js*rt« 0 n 5 false, bul few correct, 

1 . 1.3 AIDING [N THE DETECTION AND UNDERSTANDING OF BUGS 

The system can apoly its understanding of 2 program So aid in the task of debugging it. When 
running the program i n a careful moce, system cCrnslantly clicks whether a contradiction has 
ari?«n between its understanding oF the prqgr*ir, md whal is actually happening. The moment a 
cont'adicFiOn appears, thif system reports it. This causes bugs to be found closer to their point of 
a rig in than in art ordinary programming system, For ** ample. Ihe system m gh| say "matrix A is not iri 
hormetidn normal form" rather than "zeraaiuide" forty subroutine calls later. 

further, once given a pQ*n1 ot departure, Ihe system can trace but., nvon closer to the origin pf 
the prpbltru. For ^instance, after discovering thal matrix A was nol in hermchon normal form, the 
system might say “the subroutine F is not living up 10 its ettannsic description, which claims thal its 


Richard C, Waters 


2 


E, A PROGRAM UNDERSTANDING SYSTEM 


ogtpul ■& always, in he-rmetion norma! form" or "'he theorem impl.fd by 3he use Of subroutine F that 
any matrix with properties PI, P2, and P3 is ,n norm?! on normal form, mutt be false." 

tn shcr:, the sysler assists a user in PjtMrjicking a bug to its source, and by watching the 
Oxicutioin closely, reduces the amount of backtrace np. w.-:ich needs to be done. 

E-i.J INVESTIGATING THE RAMIFICATIONS OF A MODIFICATION 

When a segment of code is allered, to fin- * bug, or add a feature, She system can assess some 
ol the ramifications o J the change: Th.s is Dart emarly useful wnen Ihe changed segment served other 
Apposes in add ticn lo the one under cons deralion. The System can ask itself wheIher Ihe function^ 
.he Oid scE-mo-nt served arc sli I beir'-g luken care cf, whether Ihe new go ns interface with other goals 
Of the program, and whether Ihe change does jn l*;t kN eve Ihe results intended of it, 

1.2 BRIEFLY, HCW THE SYSTEM WORKS 

1 he system looks a I a program ns being composed of logically separate segments pf coco which 
a e combined together by connective hs-suc Further, each segment is composed cf subsegments, etc. 
The connective tissue it of Ivc lypes, call I low cOr’.-ecUve tissue- {variables, turd ion parameters, 
assignments}, and flaw pi control connective titsut (branches, subroutine calls, sequential code 
placement). The da I a flow connective liss.s transmit* data between segments., and Ihe cOrvtrO] (low 
connective 5is*uc executes the Segments in Ihe proper pr-der, 

12.1 THE STRUCTURES WHICH DESCRIBE A PROGRAM 

The program as a whole it oescrioed through the interaction of two types of descriptions: 
behavioral descriptions and plans. A behavioral cescript on specifies what a segment of cocc does 
without indicating how it is done. It lists the inputs, Outputs, prerequisites, ard oulput assertion* of a 
*0£ment. Behavioral descriptions describe a Segment from two m*jor points Of view. An inlrinik 
behavioral description lulls, what a segment docs «n isOlalion. All the statements it makes about a 
segment arc Irue for every ait Of Ihe segment. An extrinsic behavioral description tells what a use 
Of a segment dors in the content of ils use. One segment car, be used for many logically unrelated 
tasks in the same program, 

A plan ind cafes how several segments {and their extrinsic behavioral descriptions} combine to 
form a larger segment tand its intrinsic oehjvioral description). Plans are quite variable, but, 
observation, indicate* that t-npy fa i into a tmjil number of lypes (abound ten), Ini* makes if possible 
to dMl with Ihe plans even though each type is (routed separately. If alw m«4re that a great deal of 
information tan be inferred aboul a segment purely from the lyue of the plan for tNr segment, since 
Oul of the vast array of possible plan types Only a small n^fc>er are used. This In turn makes bolh 
recognizing and understanding a segment easier, 

Tnc grand plan, which completely describe* Ihe opera' on of a program, simply consists of 
behavioral descriptions and plans Ipr every segrrenl down, fo *ome level where the segments are 
taken as fundamentel and as having no subidgmer'ls and hence no pten$, 

1.2.2 HCW THE SYSTEM USES Tf€ DESCRIPTIVE STRUCTURES 

QuesliOm abouf a segment are answered through reference to- the descriptive structures. For 
examp e, "What does Ihs do?" 1 $ answered by reference to 4he behavioral description, "How does it 
* it?“ is answered by reference to the plan, "What function doe* it tervB?“ is answered by 
reference Id She extrinssc behavioral description ard Ihe plans in which t is contained. 

Detect on of inconsistences Is pcrlprmed while the description* are being const/ocled, As Ihe 
system builds up its understand ng of a program, it continually checks for inconsistences in what it 
knows. Whenever il discovers or s$ to d something about the program, it aftempts to verify it, IT it 
discovers a conlraoict-On, il reports it, ]f it venf es if, fine. Most of the time however, it comps to no 
COCidusibn, since the deduct,ve mechanism i$ weak Jn IhaE case, t assumes that the tact is true, but 


Richard C. Wafers 


3 


\ A PROGRAM UNDERSTANDING SYSTEM 


Js prepared to discover al a later time that fa tact i$ contradicted 

iKton,e. e *h^S “V"* Sr ‘l’ lr ' , . Shin " i,, '“ F-r 

"Who wart ted it ihatwav??w * V ' T qye!lltin * iuch «* "Where did this come from**. 

M 1. « " n:S “ " ^ Ihe *> I-*- 


i; are < 


i.2.3 HOW HE CESCPIP IVf STRUCTURES .ARE BUILT up 

user teiJS "* df a P«&™ *** »* OOee itself, and ort wh a l the 

Of thf n L 1 ^ ° sram Vli c0mfflerttfi ‘ st the COaej the system can separate out most 

III system c 1? C( T neCt L V0 tiiW *' "' ih * hnm * led k® * whit the primitive unil 

Ihe system car, go a Jong way toward analyzing ihe tower level se S n-ents. 

artd th- h«> P ? V . ide T™"’ 5 cescribing the overall behavioral description of the program 

?.* ,h f (ed '- K,M “""«*• - in n« r<™ .iik'S 

ilse „ T' <li ^‘ l11 <°' <1* t» d*,ermifl. th. S «, E ™„„lipn by 

' ”' ' r1""'L i* "“".h" * *“>■“• "jmtnl. ,1 ml Mwid. 1 . sod the,* ,rp 

p'mpJ. p? £r. ST ‘T''' d “S'*" 1 * ’“ hi[h FP» »(,. pprfpr™™. ,t the 

nt.d e s 0 e ?n^:J^ T !em *“ - “• »<Wp'4^'i ££ t 

luwifloge oi rhp stereotyped plan segment types to analyze the 


program Furtr^r. 


X ~ " - m rr is; r 

i! ,o *.■“« ^ 

3.3 WHY THE SYSTEM ]B VALUABLE 

w»rk Jltn 1 Z ! h T r d d "T dh " i ' y °! P ;° ! ;T S , MS ,Wid 'F i"' f “"n B . ™, pwi programs p„d,r In 
u ” h d * to yndc, rs1;ind, This type of system would be very uselgl for acoueihtinF or 

C'« U rrj™ |r "“"" W '' h * ' ,r ° Sram ' " nd ,0r *“'**» *"“* "i * ««" 8 •» .Mb a p,Ln 

z: trsar lhe wrs 

error* in'?hn^ijn,Th th& W ^' d 6e Sn a d ^^ Ea in e . Eu a s seem to oe bt two types: 

. - r i ■ * alRoMhrn. ano errors irv tne irnplemenlatiar, ol the algdrilhrn. The system, would he 

heJpfu m localise and understand ng iirplementalipn b„ 3 s ir. partar. Many hues are =rm P : v due td 

!huI ?h T ' 1"* WhiC ^ thCUEh ,riv ' al ' ere s *« n ' »!■ The Evslem would 2 i -SX ™t S 

ib 1 irtKiri ro ? utins ; ww bus wwie fixinE an eid ^ ««»»/ 

l r £:“ d :r'' prosr * m shd ^ d •-’■*'** d - * 

y cuesritlfl l& C^n Ihe understanding be developed w.ChouE reference to She code. 

I.d relationship TO OTHER work 

worh the : el ^ h iP holween the ayslem prooased in this p iper and other 

- P n5 ot view. First, it compares !he basic methodology Of [h| 5 system wilh other 


Richard. C. Waters 


], a program unobrstajjdjng system 


A 


approaches to Ihe same overall goal. Second, .t compares Ihia system with other s^ntcni using. a 
Similar Methodology, While making Ihese cpmpshsOns, it tries to trace the development oF Ihe Key 
ideas embodied in this system. 

iAl OTHER APPROACHES TO THE SAME GOAL 

Consider a user ipre^ranmer) who wishes to per'orm a certain cdirputalicn. To do Sh s r he 
wrhles a program which wilt cause a digital computer lo perldrm I he computalion. This reduces hit 
work to the wprk required to write the pregrairr-. The basic goal of fh* research proposed in this 
paper -s to reduce programming B'ForL as much as possib e. 

VVr ting a program consists Ol I wo i r,ter I wi ie d tasks, designing all of 3 he delate rEqu red to 
cause a computer to per Form a coihpgl*tien, and showing at easl mFpr mally, that 1h;s eqmp ul el iOn as 
lie Are the user had in mind Designing, the c cl ails (producing the program! is what is usually 
referred to as writing the program. However, it is clear Shat a programmer is continually guided by 
an mfqrmal feelmg for why whal he has whiten, and what will write, is correct. 

1-4-1,1 GENERAL PURPOSE HIGH LEVEL LANGUAGES 

The first step in redyeing programing ehort was achieved by moving irOm machme code, 
through assembler language, to general purpose high levul languages. The development O' these 
morp powertui languages slemrred from two *ey ideas: modules ana abstraction?., 

A pro-written module esn be as simp e a; a mu tipi cal ion routine Or as complex as a data Oaso 
management system. A module can be used as a iubrOulme or expanded inline- as a macro. It can be 
partially pre-evaluated or transformed after inslantiatign lo increase efficiency, Cn any case, modules 
reduce the effort required 1o write a program pecauio they can be used without having to he 
rewritten. They reduce tne elfoH required to verily a program because they tan be used as lemmas 
m the verification without having to be .'ever tied. 

Abstract ions used to express certain key relationships in a program in ways which are 
more convenient (or Ihe programmer, For instance, assembler languages introduced, among other 
things,, Ihe idea of using symbols as variables !o indie *le data flow. Compiled languages introduced, 
among other things, the dea, of us«ng syntactic nesting to indicate dala Flow. They else introduced the 
idea that a oi the primitives of a language could be modules, freeing the language from any 
resemblance to, or eepprdence on, any particular computer arehilectu'e. 

Global operations (performed by an assembler, compiler, or inlerpreter} translate these 
a ns tractions ini-o machine- undorstandab e farm Th s trees the prog'-an-mc-r from specifying deiails, 
such as actual memory sdar esses, which, thpugh they musl eventually be delcrmeined in order tor the 
computation to oe perSormed, are nOl Qt any direct ante rest 1* the user. 

.he abstractions lacditale verification pecagse t«#y cOrrespe"<d more directly 10 Ihe properties 
reeded tor v&rid jca,icn. For n ,* n ~:*iI c, verification may require- I hat data- f. pw occur From- a use -of 
module A fo a use of module EL The syntactic oeiling of the use ol module A in 1h c argument list of 
the use oF arguiment D succinctly espressos this requirement. Any added mechanism of memory 
adflressos, slacks., paramelpr passing, or var aoles would just get in the w?y. 

General purpose high level languages {such as FORTRAN, PL/1, and ALGOL} have introduced a 
arga number ol features of genera, usefulness. They have introduced abstractions such as 
subroutines and data types, and ir.odu p? such as access functions tpr complex data lypos (like strings, 
arrays, and structures}, These lengungM have greatly simplified Ihe programming process while 
maintaining general applicability hy i near pealing knowledge of programing techn.quco. However, 
they have not gone far enoughj programming Is. ?tiil difficult. 

1.4. 1.2 SPECIAL. PURPOSE SYSTEMS 

ft number pf systems have been, developed which are mere powerful than general purpose 
languages due to the fact that they ncorporate algorithmic intormaf.on specific !o particular problem 
domains. he simplest o' these systems are subroutine packages {such as the IBM SSP [IBM 


Richard C. Wafers 


5 


]. A PROGRAM UNDERSTANDING SYSTEM 


GH20-0.205-A]J w.-ieh extend the power &F g genera purpose language through the addition of domain 
specific modules. 

P produce systems with s reefer power, dc&tgnprj have lincorporated domain specific 
Knowledge m ways other :han modules, For eiiS'npie, consider ihe language BGl [Hammer, Hqwc, 
Kruakal ft Wlsdawsky J 97S] whicn can be used lo write busite&t daia processing programs. 6DL 
constraint programs :o have one particular top level structure This allows the system (p 
automatical y generate the code needed lo irrpleme' , l this structure. Fitter, el! the modules and 
abalractcni used :n BOL ar* spec - c ally design? 3 to HI in Id this particular tCp level structure in 
Cirde^ 1 to rmke th< user s dec =n and verification I asks easier. Ail this makes wiling a program easier 
as lOrg as the particular top lave structure is appropriate. 

This trend can conlir.ue wilh systems containing more and more information aboul smaller and 
Smaller domains, unli tne frond culminates in tuSlCmizers. A customizer cjjrt only produce a Few 
programs, but it knows all of Ihp details ot each of Ihesp programs. The oniy problem tte user faces 
is discovering wnelber the computation hp desires ca* he irnplerra-nted oy one of the programs fhc- 
customizer can produce ff it can, the user specifies the program ho wants by filling cut a 
puestionnairn. Verifcahon 5 simple because the questionnaire s ci reetty posed in the terms the user 
is interested in. 

The problem with Ihese syslcms is that they are top 5 pec it ic. A programmer can pnliy use such 
a system if there happens to be one which a op lies to his problem domain. ]f he changes cfomains, he 
wi I navo to earn an entirely new system, Further^ the more power fu fine of these systems is, She 
more limited its applicability, 

[-4.1.3 US-3NG GOCQ PROGRAMMING STYLE 


The particular ctylo which a programmer uses has a great effect On the ease with which he c?n 
write a program. Languages h*v? been developed wh.ch encourage gooe programming style (for 
fr *ample structured programming j, and mgitg ^ome types of bsd slyie impossible. Fpr example, the 
language CLU jLiskov 1974] is oes gned to make unstructured data access impossible, ]n CLU h e data 
item tan only be ^etossed through 1 he actsSs Functions defined for ils data type. Therefore, it is 
impossible to use any ad hoc Qata manipulaliOns which could complicate the verification process. This 
approach extends Ihi idea of enhancing tho power oF a general purpose language by including 
programming knowledge in the system. 

M.I.4 AUTOMATIC PROGRAMMING 

WitJi any &t ihe general purpose languages discussed above, a programme/ faces Ihe (ash of 
specifying. whai modu es are to be used, arid how they are :q be interconnected Automatic 
programming attempts to automate [hit process. In Birfowahe prOgrammirg, the user’s program is a 
Specification of what js to be dorse, nol how t ic to be done, Systems have been designed using 
specificaUon through Sample* of Penavipr (tuth as J/Q pars [Summcrg 1975s Shaw, Swarfocrt, & 
■u ee.i Hgrdy 15. u] and Traces. [Bauer J i ^75}| , , e*?:t specifcations in a predicate calc-ulus jike 

language [Mann? & Wa a nger L97p], cr English ianguage -dfesPripl.cins [Ruth 197S]_ 

]t is nol true "hal automatic programming would elimjnale a || the effort cf programming. 
&ev 0 ldo.rg a precise dcscrip' On of a desired computation is diflicuH, whether or not the description 
is algorithmic. However, wtufnadly, a programmer has always had to develop some descriptive 
specification For a program he wishes (ft write, at least in h; 5 head. Therefore, writing and verifying a 
program, which it itself a specification, should do easier, as long as the lype aF descriptive mechanism 
Utod by the autonaiie programming system it tuflicicnfly similar Fa Ihe one used internally by the 
user, 

It *ht>uFd be noted that automatic program! ng jystSms do nol eliminate the n^ed for domain 
spec ic algorithmic kripwledge. Rather Ihey altempt to provide a unilorm method of access to this 
know edge. Dpimflih specific knowledge mgsl oe reslued in See programs produced by an automatic 
programming system. Therofori, if the user is not gpeng to apecify il, il must be sitter known by the 
system beforehand, Or reinvented by the system in response lo a problem. 


Richard C. '.Vatcrs 


[. ft PRCGRAU UNDERSTANDING S-YSTEM 


& 


Unfortunately, tfc has not yel been possible 10 codify large erpas of knowledEt, though small 
aroas have been ccdihed (tor rumple, &e*n a-:® HarslOw cistuss Hie cOdilicalion of knowledge abnuL 
to tihg programs [Green £ ua'sipw 19?5]). Further, the problem salving ctprtilily required to 
understand specifications sntf write a lar&e variety p! program^ based bn a nanagtably small stock of 
know edge is *1-0 bsycnd the state of 1 he art. As a result, none oF Ihe automatic programming 
syilcms oroposed has been made So work, well enough to be p? any practical use. Those which have 
been rm piemen led at isl, On y wprk n a very small or simple domain such as simple lisl manipulation, 

he j.aprpaches describes above have bee-* directed toward developing on interpreter for a 
language (whether algorithmic or based on specifications) which is so powerful that a c employ 
program can nc trivially written and verifier in the language. This is certainly » laudable goal, 
however, it does not seem iikgly that it will; be achieved in the rear future. 

E.4.1.5 AUTOMATIC VERIFICATION 

Atlempls have been made to develop § system which will at least bo able lo verify lhat a 
program it correct. This would be particularly use J ul since true verification has been neglected by 
programmers in toe past. 

in order to make automatic verification posssible, the behavior of ihp primitive elements of 
programming, ianjuan.es had so Ge rigorously aromatized. Further,, proof rutes h?d 50 bo developed 
so thst the a ipo ms about I he primitive ele-ner.ts could be combined into a prop! of d&icpt about a 
s^^ 0 ]^ 7hliS WDFfc !lar!ed by fL ^ d E Fl& Y d -957] *nd tchtinued by Mpare [Hosrc 

In order lo prove s&melhing aBoul a program (such as the correctness &F its specifications), the 
key step is deciding what subtheOremi to a ft nek This is analogous to picking suhtesks in Ihe process 
of writing a program, and unlorlunelely opes nol appear So be any easier, in addition, current 
theorem prGvers are npl -sole Ip prove theorems of ar,y great difficulty. 

SIrjijhlforward sek-tliPn Gl subtheorems is oruy possible in slraight Line programs. [f 5here it 
looping involved (vu go(o$, looping constructs, Or recursion), then heuristics mutt be used in order to 
develop subtheorems wh ch describe the action of the loops {for ei?np e [Wegbreil 3 973]). Systems, 
ebCh as that of Boyer and Moore [Buyer ft Mcore L 975; Moore 1974], which attempt to prove 
theorems about a program By looking just at the program, are onty able lo work with simple 
programs, 

Systems, such as lhal oF WaSdinger and Levitt [Wa'jdinger A Levi 11 ]9?4], where the user 
spec iec loop assertions, stilJ DQg down on relatively simple progrjims cue tu Ihe weekrvsa dt cu-rent 
theorem proves, and the problem of codily.ng arid using enough domain spec Hie Knowledge. 

1.44,6 PROGRAMMING ASSISTANT SYSTEMS 


There are several mam ideas behind atcistant systems, pne i* j, recognition o! the led that, in 
the absence at automatic prog ramming, program* arp npt written in Pr>e cess, They are written bil by 
bit, and then n-odi'ied end added 10 many hrrss as Crpi-s are tounri and corrected, and the Original 
specification for the program (hinges, This idea leads to a desire for systems which combine editors, 
compilers, interpr*ters, and debugging aids into one interacting unit, Ths S combination would tac-lilale 
cycling between moctes fl r.d the detection pi errors. 

A second idea is to haw? Ihe ass slant system keep track ol a myriad of details, and help the 
programmer avoid pit!alls. This is a natural extension of the idea of designing a language so to 
ore our age good programming style. An ajjistml system would utilize Knowledge 0 < programming in 
general, and of the particular language which the programmer was using in orcer lo catch many small 
eriors wh.ch might otherwise lead Id big problem^ What mases this uu^litalively diFfereot fr&m Ihe 
many chocks dohe By current compilers is tnal the bockkppping would erjit across the entire prpcBss 
■of developing a prog-am, np| just within a single cempi atidft ot ^ simjle subunit. 

By themwlves, these two ideas are not very Hkciting, They should Be usfftuU bul not 
spectacular extensions of current programming systems, In order to rea-lly assist a programmer, a 
system must enter in’io the programming process, either .n design or verification, The main lenent OF 


frchar^ C. Waters 


7 


!. A program understanding system 


per ,0'TZIl 2yT*?^T* ,hat ,hi !. ,S .." ""W*"* W— will !»W » 

MeriM /*« ,S s fj? “"♦*>' “W" d “» <w». . = 1 MteMlie sy6teBu . As 

tre MLWtat »nd utilization el 1,,^ «» u rf* , '' > "'’ ^ivie, f,rSbl,m ^ 

*" d b > flS1,d ^ ,,7, 3 


r&a ized. 


a tyslern could be 


J,A.1.7 PROGRAM UNOlPSTAJMDENQ 


Wlth 3 pfc-ft/,nmtr who jj doing the really complex design, ond 


Jn order to cooper air 

Ms-vsts! r h , 3r : h? pro3ra ™ er has ^ ** ^i** 

oach pro 0 ™ |!er. k a l n T? 'LT ‘'[*^ ? “* DW Th£? ke >' idea * along wi | h 
desljn of the oro^ram ^ tell? 1 be DU rna» ® ** ,e “|»«|« 0 n p the program, the vtrifk align, end the 

Originated wrth SUMmn [5™»n 1973*] and GdW*leio [Mtein 1974? f,rCBr ™' ™ B b *“ id “ 

If the plan is LJwn' Jh^MctfiwMon^’lta ^ elcpir ® 3 pl5n lh * Rnnwry «|ivfEy of programing, 
if a ' p CtfhDn S, the pr&firor*. the verification, and the design can be derived 

™ rf"*^ r — 

verification, 0 Specif, canons a^.d tne program, I hen it could do automatic 

w «hE5„!x s:rr;:^tr^^r e,Dp * pi r, wd - - ^h-, 

* 5 s^ianE 5y ,t em wtlish WD4J , fl undefS1(nd 4 P i Jrt a - I ^ zivdv'rJL?;^ 3 

verification en d wriln E OS the program. d by S ® rc S ramm er. and assr&E | ft 

can lind^M^nTo^™™‘ ET * t0ww * lhe Df «»« * lyttem 

by . P^r J„W,£„i 3ST " a *’ ta “ *“ be “ d “Hum 

IA-2 SIMILAR APPROACHES 


ran 


:mssk ssrasssr « Mrastt 


Richard C. Water* 


E. A PROGRAM UNDERSTAMDiNG SYSTtW 


! knowledge o f 
! the sp*c t fic 
I RroDle.'n domain 


know J abogt 
pros leu solving 
in general 


3 

I 
P 


annotation ot 
the prcgr3ln 

the progran 


CREATING 

THE 

UNDERSTANDING 






know I edge of 
the specific 
prpgr amir i ng 
language 


knowledge of 
programnI ng 
in general 

i 

i 

h..i. — m m. _ 


Fiji Is Oitpam ol clala flow Jn a program understands system 


<0 prove iha p r 4™ “ e, * C ' bUl! iB * '"6.'y through an a,< tmp! 

l.fl.2.1 SUSSMAN 

-rit..%rj2r,f ; h ?* : s rr an - wi ' .«<» 

SSSSnIS-’S 

—t ------ ssr sis r;*;r nss? "■ " 

f— -«- r po v rt 

nparlme m o«-l«tt„ s bogs and c r 0p3ai „ 5 ss | ulion5 th," h™ d 0 ™ ,. h" ° , 

x 

Lfl.2,2 GOLDS-teen 

““'t 1S?6i ** r * h * « W- i" Id. ai.pl. 
>i«ar to th, S oo,.and ^UnVa ™‘to “ nX 5S1 T*'’™ ‘ >U,1, ' ,t iB " nsive '"tt'™ 

dor-tilied » ith a v„.b,a E?al£t£*?“ "" y * ‘’ re ‘' a ™ “ b * 














Ric h#fd C, Weil er s 


9 


L. A PROGRAM UNDERSTANDING SYSTEM 


UrCROF" jccepli »s input a prog/ann wniei may have Dugs, and a partial desenptiOn of the 
intended output. It then proceeds Ep cdnslrucL a plan for toe program. The user can optionally 
inelmte commentary on ihe program no eating I'pnlunj? of tee plan. 

Due to the specific nalure Of the domain, the lash pt finding the plan consists targely of 
deciding whach parte a\ the Actual bulpul correspond to which parts ol the desired pulpul. MVCRoFT 
altemp-te to fmd a oian which mitlimiies tho number of errors delected. How easy this is to do 
■depends or, how well the natural iegmentelipn of the program corresponds IP Ihe description, of ihe 
ml ended output. This segmentation ;s a very important form ol c Pigmentary supplied by Ihe user. 

WYCROFT uses Ihe plan to propose fines for the bugs it detects. [1 then proceeds to construct 
a corrected program. ]t is mod successful when a but ; s Caused by an rncorreet value (such as a fine 
segment be ng too long). It has more ditf culty when a bug is Caused by incorrect logic*! structure of 
the program (such as pieces of the intended output completely e!| out}. tt seems reasonable that 
programming assis'snl systems in general will fa low this pattern. This is because assigning, the basic 
°B'Cil structure or a program seems Id be u more difficult task than picking Shr? correct values to use. 

[,4.2.3 RUTH 

Ruth [Wulh 3 97AJ developed a language wh.;h can be used Id express the sfrt Of a!i algorithms 
tor a pjven task, his *1 Owe him to encode the domain specific algarilhmic information for a particular 
problem area, Ms system lakes as input a program and lh 5 deserte: on d 1 a set of algorithms, J( then 
determines whether or not tee program implemenls one of fhe algorithms. If a match is found, the 
corresponding algorithm is reported- If a match is not found, the system iriss to f>no a near miss 
algorithm and reports differences from this as bLgs. His system his suctoss-fully Operated on real 
programs written by sludenls learning programming, 

His system performs a complex palters matching task, tt operates directly On Ihe programs, 
which a- r e written .n a Semple algebraic 5,ISP like language having a, condition*! construct ar.d a looping 
construct., Comments on the program are nol user, encept for the implicit comment thal tho program 
is intended to implement one OF the specitiea a gorithrns. His system does a lot of work in orppr to 
deal with irsnsformal or,s which can be applied 1-D programs, [f docs this in order to detect when two 
programs are eJJonlially Ihe same even though they appear, at first glance, 1o be very different. 
Trans forma I ions are also of considerable i n-porl ant e in ihe domain of FORTRAN progr ams. His system 
incorporslcs knowledge about common bugs so that near nnsses can be detected; easier. 

"'uih Goes noi deal wi!h plans as such. He iden'ir es understanding wth determining which 
algorithm corresponds Id the given program. The pl&Orilhmic representation he uses captures some 
of the r*Ctidr& oF a plan. However, il is more like a lypicsl impiementetipn of the algorithm, and. does 
not conlain teleological informal On about purposes 

1.42.4 BROWN 

Brown’s system WATSON [Brown l$75i Brown forthcomihgi also? Sussman 1973bi Brown 
3 974|. Sussman £■ Brown L974], Iodizes fa lures n electronic c redits. As input, it takes a puree of 
electronic equipment (which tt Operates on by giving commands !o a person who makes teste and 
adjustments}, its circuil diagram, a pian lor the c rc_.V. c.nd a description of the problem it is exhibiting., 
The plan and circuil are assumed to be bug tees. The 1 allure is thoretere assumed to be due to a 
damaged component, or improper adjustment (note the similarity with [hs bugs which were easiest for 
Goldstein’s WYCflCf7 tP handleJ. 

WATSON uses a variety of techniques Iriggs-sd by features OF the pian in p.-der to locaEteo the 
failure. The plant arc constructed by hand ard input to Ihe system. As a result, WATSON does not 
Attack She problem of developing an understanding of a circuit. However, his system shows the 
irrportertce, and power, of knowing plans in the domain pf electronic circuits. 


Risihurd C, Waters 


S A PROGRAM UNDERSTANDING SYSTEM 


L0 


1,4,2.5 GERb^RT 

«*,„ M£T 7 15751 T “ i,h - -*■«* »■">-. it **■*«. 

She prepral a ! h^Lr h ^ i0rt T ? Z * * rQ V*^ ^ tS ffl4fct «*rifie«ion easier. 

In Wthfch? « , P eul 7 arhvle , piet « wi|h k "™" which are corned 

^respond to s^ple proof rules. This is in line with the basic work of Ftoyd and 

"program scheinaTa" which mth*!]! n? I? T ^ krn * nts and a W&an as a whale, she introduces 
which ^ Ihe d,sl|:|a1 ** basi C fjorilhns. She aE o introduces transformations 

as LnZ 1 t \™' ,Dn * ^ " ithwt fllterifl a i,s teh ««r. These two Ihin^ c3n be 

™ carwi They serve “ an i “**-“■ 

trenifn^lS^fT* !“ ° f retS ' nizi( * =* in terms of those schema and 

thl rimilSl hif J ^ *«to™i,c*jly manipulita Ihem. Her work is mentioned here became of 

cof, *, w o™IT *V PrOEf r schert * ,a * nd lhe pla " «VP» Hdiscuss^d in this paper. Further, the 

*2;z:\: r whkh to * w™ has jul** jr> ^ ™ 

w,th a pi an | »r the program, even ttough thtn ia no solicit 1eieolo s ,c a i information. 

I-4.2.6 HEWITT ard SMITH 


and 
as 3 


1974 - Hewjlt « S^I -sAT 3 5 ” P "' ta Ws,e '* * U"»™« 19731 Smith * Herrin 
HBwitV, ACTno 5 '~l, 5, t P."’*"™"* ,ssi!l * n1 system tit^ned to rrerh to rhe dorr din cl 

In “ , T ' "’* Ta)<lf CMI p( ,he " *»*“ i, proving th, correctness ot pronrenrs 

C 6m J„, “the -conir,«t r' T ip!> ™* thes ' “w «"Ph*M IS pl«e<S on counts. The control 
^ cent fad. Contracts correspond to whal are called behavioral description-* lWs 

hellv TubroulinL ^pul/output behavior pf 5 subroutine. Th* ACTQfls Formalism encourage* 

h ” • —— *'"■«. '"<•>• * 

■JtCTOS ‘Tr'"!”' VU-t-ehidim'(which ,. simile, » symbolic evslcjption), 

l_ET fl n" d , “ !,d - t!th idh'Duhnc is proved lo satisfy its contract which is ossa 

l<5 mm,a-When, proving, the correctness of other subroutines, 

wppJiBd'by ^ " EtriptVe Slfyc1ure ifl acJdltl0fl ■= *«l comments 

pre^nl imolilit J «rre & p D n*n E lo a plan « fra E m 9 nted r and maat of if j 6 Dn | y 

i he iJ ' Z ed^ -hit 5V ^, U ™s 3 io ;T Pf CDm,nent CB;led a "P-"-' ^ever, it is dilfer^t (rOm 
rh . 0 . 4 " ! ' J pspi2r - ^ Ji USlS£l f 0 CoDtiire ddnuam specific infprmelion and lo Rued? the 

theorem, prover which works wilh the meSa-evalualor G 

fitFI „ t T " 0 EV ?T d ° £a r ' J °’ deal wi1h ^towitic ge.-rerdian of descriptive structures, Any ptam-l.ke 

Th Ch UieS 3re en?erCd by thS pr °8 FJfflrt * r ' me System does c mb D dy several 

* wrtith art e« importanl pad of the research propaced in this paper t In particular it ur 6s rhe 
rdaa C.I bdbavrdral dnccr.pttonc rconlracrn. Their .dm is «,„ e „,Xd J , Va“' a w 

1976], However, meta-evaluation it still largely at the hand station Mage. 1 

I.-4.2J GREEN and BARSTOW 

11 Wesearchere al Stanford U’nivers-Jy have h«. ff n doing; considerable work on what Ibey call 
program urvderstandina [Green e t. aL 1S74J \to**v 9r , from the point of view of this paper ^heir 
work would be dcEcribed as directed toward* aul-cmalic oragramrr.nE. Green a^ Birsto^ t nu» . 
program writing system which know* .ibOut simply sort Programs [Green & BarsFow 1975] 

, uet h U ;* r u °' Ih0T sys1en wculd «nly partitipals by m»k ; n E high level design deirsions The 
sy^m woLld have e,1 crsE iy e KnOwle^e of how to actually write S or1in £ er0p !!" J** 

”" C _ E . fltr> ' eS ° n thW . which the sy*t#m would fbltow. and on whaf knowledge :he 


iystem would have to have. ]t does not discuss 


*> <n ^ Miaili how the system could b-c implemented 


fftchjird C. lAfalers 


li 


J- A PROGRAM L.NCLRSTAf'-JDJNG SYSTEM 


[,4.Z.a ff[CH and SHROBE 

deoignrfte'w^fi SZZ^rr 1 '" Ifii , cn * Shr “ b ' ! !97<b fi,[h * ^obe “ 

P^Gra-m. They anviton a tc^nano^! wh^h^ih ' ncrfiSLe?l dclah iS {he f U*damentat description Of a 

as * P r C£r ,m l bsin E * r J,“ UotZ* t' h ^ V * vel<,pod fh ^S h a ^*!o E with the user 

a p*0*rai written Ul,i«| B the ,y S tem Thev^use^lent S ' S6 .I 1 * *** N6n Qf ^b^ng She pl,m far 
rn a similar manner to He wifi's ^ta-s^lL Pn V tc Suice ver^ati™ wHich proceeds 

« :;' h * ,hB i( « ss '-»«« i ° - *— **'•■ Tt « y 
in the wiffcaET I»„ ™ 2, 7 h,l,! m ln ' s *™ i " "'. « build I he plan ,hd .id 

iroplemmitalien effods .1 the cuirent li*™'" ' BSr ' S Q< ,he " wle " 1 ' >"d are cenlinuing 

wort TW.7.^ 1 ZZl 7 ZZL bmm '* "•** "» iaws ** "« Straw. 

v« y M, iu theirs, del w OT( a na i„ , din"^^"' ««»■ 01 * 1 * 0 . 

1A2.9 IBM 

Sheridt'™/]"™^® 17IT^ 1 " 6 *■ L ■** 11 H " d “' n ' *• “•“«"■■ * I*.!.™, J> EL 
tustomiee, [Memoir. S Shielded LS76; Si^'j S'ilSiu't'jM?*Th’*'"** pr “ dUte<l J’*' a 
PrOgr,™. written in the language SDL thamner, How. Ktushe# S, wimT 

tTr,:tzt Me w ™*~ in ***-— 1 ~—m ^^M^^:, h ; s ^.d 

5SK3«#!ll«SS555HrH 

■ he use, wstly though the use si mnamLr I "' k! b7 Th *>' are bv 

r- t, Hr; v :rrvj 0 r ^ 5, :r e "piT'r::"^ h b ^r h r 

reference to .'tWMtt'i* itr«lure. ^ '° '>"P e “ h““t,sn S without 


Ric har'd C. Walerj 


12 


U. THE TAS<$ THE SYSTEM CAN PERFORM 


ii. the tasks the system can perform 


isstXm sissez 

- zs^sszzzvsz *■* * - - - 

Lnd.JrJll'I 5eC ! fQn ' Undcr5,andlri S is irtSir«Hy dfrltrwd though the astumption |h,1 Ihe »y,tfrm must 

fl jT: b ^ r'z* ihe , s ^' ord , n mi »• t yP « of ^ ^ ^ 5tem 

syilem can uiliise ife und^ndine o™ ,ta “ rite *°" a Wfl * s +h?5 1he 

The t,ZZ SST^JS! M l hr0J ^ I® * *P«iH< —nvl. pr^ram f« s 

6 ^ wI A simpler program >g subject*! to- exhaustive analysis in iect-bn I][.d, 

et r' 8 ' 2 - ^ subrajhnc RK ‘ ito ™ »* IBM SSP. All of |he examples in 4 *tti&n 
[I art taxen from this program, 


c i 


1 

2 

3 

4 

5 

6 
7 
S 
3 

10 

11 

12 

13 

14 

15 
IE 
17 
IS 

19 

20 
21 
22 
33 

24 

25 
2E 
2? 
28 
29 
3E 

31 

32 

33 

34 

35 

36 


C 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

u 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 

c 


PURPOSE 


INTEGRATES A FIRST ORDER DIFFERENTIAL EQUATION 
□Y\DK-R«(Jt P V) UF 70 A SPECIFIED FINAL VALLE 
DESCRIPTION CF PARAI1ETERS 

FUN -USER-SUPPLIED FUNCTION SUBPROGRAH UITH 
AFIGUfiENTS X,V LIP I EH GIVES DV\DX 
H] -7HE STEF SIZE 
KS -INITIAL VALUE CF X 
YI -INITIAL VALUE DF Y UHE3E YI-FiXU 
HF -FINAL VALUE OF X 
VF -FINAL VALLE OF V 
ANSX-HE5ULTANT VALUE DF X 
AWSY-RESULTANT VALUE CF Y 

EITHER ANSX-XF DR ANSY-YF OEPEWIJilG 
UN LHICH ]5 REACHED FIRST 
lEn -ERROR CODE 


IEfl-0 NO EFBROR 

Jer-i step size is zero 

REhARK5 


TF XI JS GREATER THAU 
IF HI 35 ZERO, ]ER=i t 
nctHCD 


OR EQUAL TO MF. ANSX-XI AND' ANSY-Y] 
ANSH-KI, AND AN5Y-fl t B 


USES FCUR.H ORDER RUNGE-IOJTTA INTEGRATION 
PROCESS UN A RECURSIVE BASIS, PROCESS JS 
TERH3SATED AND FINAL VALUE ADJUSTED WHEN 
either xf of yf is reaches 


c 


n 


c 


12 


SUBROUT IKE HKH FUN t HI. X1,VI, XF, Yf. ANSX ,AN3Y, [ EP > 
IF XF IS LESS THAN ER EQUAL TU Hi, RETURN EXT v[) 
]EFk0 ' 

EF (HF-Xl/ 11,11,12 

ANSX-XI 

ANSV-VI 

RETURN 

TEST INTERVAL VALUE 
H-H| 


3? 

3£ 

33 

40 

41 

42 

43 

44 

45 
40 
4? 
43 

49 

50 

51 

52 

53 

54 

55 
06 
57 
5S 
53 
E3 

ei 
B2 
63 

04 

05 

5b 

07 

0S 

09 

70 

71 

72 

73 

74 

75 
70 
77 
7S 
73 
30 
Si 
32 
S3 

34 

35 
30 
07 - 
as 
S3 
90 


36 


C 

C 


C 

C 


IF mn 16.14*20 
14 IEJM 
ANSX-XI 
ANSY-0.0 
RETURN 
1G H-HJ 

C nr, SET H. YJ^-tNr TfJt. ¥ 

20 XiS'^XI 

VN-YI 

C INTEGRATE 0,'iE TIME ETEP 
Hh£U^H 
JUflF-1 
GOTO 170 
25 HNl-XK 
YJ-Jl -YY 

C FfMXNi-XFl 50 K 30^^ T ° K FCNAL flR * NCH ACCORDINGLY 

C KNl-XF, RE TUPS IXF.YNjj A5 ANSklEfi 
AN5X-XF 
ANSY-YN1 

GOTC 160 

Xn: GREAT0P ThAf, X FINAL, SET NEU STEP SUE AND 

i! J Jn Cfl J TE tl4E STEPl ^ Tmi Results AS ANSUE9 
h %EUwXF-XN 

JUP1P-2 

CPT9 m 

ANSX-KX 

ARSV-ry 

cars 1E0 

xni less than x final, check if ivn.ynu span y fiwal 
If (lyNi,vF)»tvF-,Ni) Ee.78.jj S 1 L 

»Sj Nt MES ® T SPWI VF " SET REPEAT 

XN-xni 
GD“ n_170 

CHKe UHIOf iND "*«“ pfi0SER 

ahsy-yn 

AW3X-XN 
GOTO 160 
ANSV-YW1 
AN5X-XN1 
GOTO 1G0 

r^wa 1 ? ^n S rF ' m f ° F1 ™ * VftLL£ ASSOCIATED WJ TH Y F 

LiU 1.40 I ■H’l ^ ] 3 

iNIzRPQLA’E TO Fiha NEU TENS STEP AND INTEGRATE ONE STEP 

TRY TEN interpolations AT HOST 
kU i (YF-YNI/IVNl-vN] i* (KNl-XWJ 

JUMP-3 
GOTO 170 
115 KNEU-XX 


40 

45 

se 

00 


70 

30 


100 


110 


YWEU-YY 

COMPARE COMPUTED Y VALUE LlLTH VF AMU BRANCH 
IF tYMEU-yFl 120,150,130 


91 

92 
33 
94 

35 

36 

37 

93 
33 

183 

101 

102 

133 

134 
10E 
IBS 
107 
138 
103 
110 
111 
112 


C ADVANCE, \F tS BETWEEN rNEU ANC YN1 
120 VNiVNEW 
HN-XNES4 
GOTO 140 

D AJVAKCE, Y“ ES BETWEEN VM AND YNEU 
130 VN1-VNEU 
KHl =XK'EU 
140 CONTINUE 

C RETURN IKNEUpVFJ AS ANSWER 
150 4NSK*XhEU 
ANSV-Yf 
1GB RETURN 
C 

170 H2-hNEU/2 r ,0 

T l-HNEU'+FSJN (.:<N, YN!l 
T2-HHEL|*.FUN fK\+h2„ YK+Tl/2. 0f 
T3-HN&WFIW (XN+t+2* YH+T2/2,01 
T4 rHKtUnf LtM UN+HN&J, YN+731 
YY«YN+ (71+2.0*12+2. 0*73+74] /S>& 
HX-XN+HNEU 

GOTO [25,45,I15}.jUhP 
END 


JU ANSWERING QUESTIONS AE3DU7 A ^ftOGRA^ 

Of ? in ? l !“ CUBh e ^ mP " E ' c! *™ 01 flUMlittns *hi t h cover most 

1* “ " Dul ■ ^ ■* *+« h « "=—i. -».™» 

*■—-- 

sr £i~3r£ ™ “•'■ xr ta m:w£r“srii :: 

easic f lt V- a re * S5nable MS'*"! -* * Bec.ion Of Ihe pt ogr affl fhai can be looked it « h* ™ ! 

tztj: own fish ‘ 11 hw ,npui& ° uputs - ^«** -*• it 0 « P j f :n:z: 

[rt Ihe e K ,mp| eSj (, nfy reasonable scents are rationed. If a user ashed ihant , rt 

v,l r, w °““ ieM hi " ,hst me *■*«"' «* ■»■ ™ *irX ,?s,i» 

hin a belter ,d„ of Ihe tegmenfition sa tint he ccgld 3sk a SeUer <, um ,; 0pl * * 

]U.l REQUESTS FOR DESCREPTfON, ’WHAT" 

ask ki L " d ° f qu,,i1iC]n whlch can b * SEhed [ *> 'Vftiat it thisr The question does not 

srand schen,e ' rhe ^ -*** * 

l}W/j-at is Tine 30 of £J?s program Ml? 

ll 1Crfflin * part Di a dala fio * P a!h IO ^mmuni^le 3 

to the outside Of RK, via the variable TEE. 


Richard C. Waters 


N, THE “AEKS ThE SYSTEM CAN PERFORM 


L5 


Z> b'hafc is J i n a $S? 

It is an ARITHMETIC IF s I ate rra nt for h^ing pa't of ihr control IlOw connective 
tissue. 

3)W*ia£ is 'XF-XW" in Une 69? 

It is i use ef tine primitive Funct on m*nus which computes a<*s-c. 

Questions such as- t.-e abovt; :irc- not very interesting. This is because it is obvious to us wfhat 
such srrai pee-s Ot the coce do. |t should be nalsd, however, lhat -t is important that thp answers 
TO these questions are also obvious to Ihe system. Even it ro user ever *s*s such questions, the 
system wilt ash itself Such questions when if 15 Irvi-ig to answer mere diificutt questions. 

What cue shore become "nore interesting when they arc asked about larger sections of the 
code or from a rvpr-local point cl view. 

A} Mbit does Eta Is segment fJf oesr 104-1 JO) Ot? 

3t performs one step Ot integration. 

5} In aiore iltLail, p? ease. 

Starling with JtN, YN, HNEW, and FUN IE computes XX-MM+HNEW and YY-FfXX} 

E ven Thai FUMiX.RJQ^dF/d^XJ, and YN-FfXN). 

Note that, in this answer, the system used Eh* variable narres n "he program as names for the 
tiata item? it was talking, about. Internally >s {Sues not name them that way. It realizes that the 
variables Ore Only part at the 0019 fiQw cOn-srtlve tissue, ard are not satisfactory as names for the 
data items because one var.abe ot ten Carres Ogiraliy unrelated dal* items m ditferent parts oF the 
prdgram. This ^withstanding, it is probably oofter 1* use the variable names when talking t* the 
user than ad Hoc new nacres for the dala items. 

6JU‘7iat dOCi this segment (lints} 60-64} do? 

[1 compute; ANSH-kF and ANSY-F(ANS*> starling with m, YN, and FUN given 
that FUNCX^(J4))-dF/dK(X), and YN-RXNJ. 

7} FrQU) {fic pofnfc of view of that segment p fries' 60-64) what 
0'0€J "Xf-XfT ffi T faze 60 06? 

Tl computes KN'EV. 1 such thal XN*h£i£W"XF, 

'What" question; arc answered through reterpnee to Ihe .ntrinsic and extrinsic be-haujoral 
descriptions Of segment; (behavioral descriptions are disgusted Fully in section II [.2. i}. The 
difference between intr nsic ana e Kiri ns c behavioral destript ons is illustrated by the difference 
between the answers to questions 3 and 7. 

When asked about large segments, the answers Eo "what" questions are not obvious. The 
answers to question; like 4-7 could aid a. user an understanding, the program RJ(1, Still, the answers 
tb these questions -do not enolam the program, they only describe it 

[LI .2 REQUESTS FOR EXPLANATION, "HOW" 

“How" Questions ask tor an explanation of the intern*! workings ot a piece of ? program. Foe 
example, "How does tnis work? - A - r e!ated set cF quest ons t;k; r>ow a piece of a program interacts 
with larger pieces containing it. Fpr example, "V-'hert is this executed?" and *Wnere do its inputs 
edme from?" Tbe;t quashons are really juit asking fqr an emanation of an fl;pett <d the workings of 
the containing segment. C&n^der some examples. 


Richard C. Waters 


tl. Th£ TASKS THE SYSTEM CAN PERFORM 


16 


S> Woiv d Des |f rte ju wor ^ 

Assignment is * primitive ope t alien whth copies a, value (here £) 1o a variant 
■ihere -“.n.i, It farms a link in a data flow p-alh. 

k'rtiid 7 3 Ti'fte 35 executes? 

I. s enetuleo Dfvte every ti*na fiX! isr. executed. however, logically it shpjld 
Only be executed when XJ>XF v UM. The Sine was fader erf tp \U Current 
posi^On frcT -at segment (lines: 32-33) and Ihal iegment (lines: 

Jb-3., ,42*331), When x(<XF n H]-£J I he elfcets of iine 30 are Overridden by 
fine 3S, * 


.'Jole t;-,?; the system volunteered informal ion about She fedoring of Imp 36 i\ did this because 
it understands thal the simple statement "Line 33 rs executed Once each tin* RKi is.” is misleading. 


10j Wow doe* Jine g] n/ork? 

:i uses the FORI PAW control flow construed ARETHMETIC IF to convert the 
segment "XF-X.~ in.to a prec,cal* determining whelher XKXF o r not. 


IDifaw does thi'j segment /tines: 00-54) work? 

i.■ :.■■ basic segment (lines: &£-b 2J is * composition of line 60 (which determines 
HMW so fhaf XFAXNthTOWJ and thaj stgmenl (linos: 104-110) {which performs 
a Jtcp el intcgralion yielding ftC-XN+HMEW-XF and YY-F(XXJ)L Lines (£1,6-2,111} 
To * C fi! Dl rtnfwctiv * 1i«™ i nrijB-lemertting the lira to that segmenl (lines: 

. V -1 ) Si. Lines (63,6SI are data Now conruetive 1 issue- passing the results 
a Ibnj. 


l£i Whep fj tfrfj jejrreni (Tints: 50-54) weed? 

When lhat loop (linos: d4-53 r 67-7 L3 terminates with X?JL>KF, th*s segment 
(lines: 6-0-64) is used 1o compute the njsulls of the program R<l. 


These Questions. are answered through reference 
describe- how segmenls- interact to form larger segme.ds. 
which gel at specific aspects of this interaction, 


to plans (see section [11.2.2)-. The answers 
The next two sections cescrioe questions 


IU-3 REQUESTS FOR PURPOSE, “WH^ 

A question of this type asks for tha purpose of a cbnslruct. It asks why it is in the program, 

ja^UWiU fs tha purpose of Jffl fj? 7 f j?e 30? 

me purpose of th»S use dF the vanaole [EP 1$ to form part qf a data flow path 
carrying th c value 0 1q the outside of wKTl, 


14) UTAat Is the purpose of this data FJow pat* / the one 
Trtp i e^rer?ted by Una $0)7 In the situations where XlsXF v H|*3, Ihis path 
<?rr es on* of Ihe outputs (3) Of the program, as required by linjjs (17, IE, £0, 
Sti It is incidental {not pari of Ms purpose}, that i| also starts to tarry 0 when 
XhXF A Hj=0, Tub value 1$ overridden is thus case. 

IS! Why is 7 foe 31 ip the program? 

This predicate determines whether X|<3(F Or not. This is done 50 that the 
compotalions requested of She program RX] tan be divided into Iwo classes, One 
where X[<XF and one where XteXF, 


Richard C. Waters 


17 


EJ THE ASKS Tt€ SYSTEM CAIV PERFORM 


EfiJWfiy is this segment (lines: 60-64) in the program* 

I n» purpose- OF this segment is Id compute AN£)i and ANSY, |w 0 0 f )h e resulft 

c e projfam RK 3, in Ihe? situation w>n?re that Jaof. (lines? 44-53 67-71) 
termmales with tfN)>XF. * 1 

Not * between the answer to lhi s quest,on and the answer to auction ]S The 

"* " nlainirt * ^ hB ™'* -iBrtwmed. AsKr* W 

1?) Hhflt Jj £Jic pur-pase p f n n£ 377 

Due to Ihe (Ml that Several tests have been combined into this ore construct It 
&erv*s three aist ntr p.rp:i.es. First, if de I ermine? whether HJ-0 or nol. This' 14 
Lsed 10 divido the t&mputaliqns requested ot the program .RhTt into two classes 
Second and third, in ihal se & m=n1 tiine*; 36, 37, 42), lhis line (37> implements 
two predicates. One cneck* whether Hj-c0 and the other cbectcs whether Hl> 3 . 
iocso a'e used! Id divide the problama lacco by that iegmenf {lines: 36 37 421 
which cbmpMtcs the aosolule v«lue ot HE, into two classes-. 

Hem it rs icon that One piece OF cade may have severaE distinct purposes. 

IS) Uhy 7j Ij'n-e 60 in tde prugrart? 

It is composed with that segment Hines: 104-110), j (s 0|j( * u[ ^ f JEW j& 
compiled so that when HNEW is input to that segment {lines: 104-110) (hat 
segment will produce an output XK-XF. 

These quo Elions are answered through referee to purpose links in plans (see Motion Ul,2rZl 

11-1.4 REQUESTS FOR JUSTIFICATION, 'WHY' 

s ™f! ““V'”™ lsh f " r ,h " reis 5 | ' **1 swelhirg is but, Cites soir,sili,n e is Iru. becausa il 
alesTn (rom'e , "1'™ * ,ruB ' In lhil • lUrtHIcHan qwst»“ is Jsjst , W rpMe 

Borcs-es A tta ,I, "*"■ He “'"* r ' «*r "w "™" Sols o! a sejm.nl ere recorded 

S'ed iss&s :” ! P T. ” i¥ be ■*“ * *** ~***—«- •“*-* - - 

19) Uby is the prerequisite of line 
number satisfied? 

■' IS . b *“ U5<r Ihe same requirement is a prerequisite of Ihe immediately 

OOntaming 5C gmerit 1 linear 60-64) and its 5 attstaction writs a Vffr . 

20J Why is this prerequisite for Tines: 60-89} satisfied? 

3ts satisfaction is guaranteed by a chain pi prerequiiiles reaching bach to the 
prerequisite* qJ R<J. The value 01 XF ss carried unchanged from an argument to 
Ihe program RlC] which is required 1b b? a floating number, 

bees "" iS e ,n! r r "" d in 1 ,u " ,D ' ,h c pf-.reqyisjle. It,, System .r»e, 

ebdee [f BK! ifcstd lilMhV ' ? 5'“??.' a ™- ^ is "" Wlter JdslifiMt*, I tad Ih, 

aoove. 11 MKj IE called with the argument XF which is nol a tlaslihg number, j| will opt work 


60 ti'iat XF be a floating 


Si. 


62) Of that sesment {lints; 

is the 


£1) Cohs itfer the use (lines 

104-110} in this segment {lines; 60-84), Why 
prerequi s i Le that HI-iBW he P floating number satisfied? 

li* b ® cau f* m ou; Pw1 3iSBrtion of line 66, ihe source of HTJEW f states 

■ hat HhlEW is a f.baling number. 


Retard C, Waters 


18 


iJ. Tk£ TASKS TH- SYSTEM CAty PERFORM 


Data i IO w (Finssj 6£-64) ma^es ANSX-JOt and ANSY-YY. It i s m cutcuf 

wtSv'Sr th V " e .T nl (,in * S: 104_U0} - 1hE S<A»™ ?l XX and TV hat 
YT-F(XX3L Therefore! ANSY-FfANSX). ° ' T| ,n * [ 

™ Ut «*"“* p™-* 

?£ 4 .'Si IT" &3> m * kes [3 is ™ «^rt,on «( (hat » En ,ent (lines: 

1B4-H0), (he £Qjrce flf XX, that XX-XMHttW, ]1 rs an assertion oi I ne £3 ih^ 

! °“ f “ of WWHUW^WHKrtF. Ttarefor.; AW " F 

C0rj“y' Xmn^JT ?J?£: Tr ™** t! <™> «. prove 

required, whsh the eysten rriDvrlmin-, u *1 n ~. If" 1 0n ®t raw P 1 **' ^ 4 hio r o complex proof in 

*•*«<„* of the zztxx icsyr ,vs,em iu ” believes ,he 

! V^ t 1, .£ /“iti-Ut!’ZtV^^‘ ° ssiru °" ° r this 

T"H 4 P ' * r rquititcs of this seeder? (lines; 104-1101 nurirtro ik ■ 

trL? t£n«" dF lh d ??'i h"* VN ‘ F<XN) - The Dr0 5 fa -' )1 w'itar claim'd that it was'"* 

* theo re™ that ,t Sties* prerequisites w er* me! th<n evaluating the equal on 
implemented m liras (134-110} would yu'd YY-F(XX>. equation 

the OSSA S ’ he **•* 

ti " ~ — 

Th«s queitM are *■>««« Ihroojh referono, 1o ,e,»„ link, in pl.re («, « e || 0 „ f] lo P> 
would ‘T/t "I" «""•» "«««•»«» >n the last four neoliono 


•5 a program. 


]!.? AIDING T«t DEBUGGING PROCESS 


* program, and Jhe operal ion infonded by the 
s- designed Id aid s programme f in detect! 


Any difference between (he operation cd 

SSSwe* ^ Thf$ SyS ^ m iS de '^ rtCd 10 BIP 0 prQ * rammer ^*«tin e and eliminating any 

:Mr.,r d r,^ 

■— - r ssrai-s <t 

the &5P r r,o prosrsmmer ever inlend? td divide by sercl 51 ■*' 

Th^ re SU ,t of Shis process H a single entity, grand plan. It sp^iFies wh fl 1 the system things 


Richard C- Wjlert 


19 


[] THE tasks THE SYSTEM CAhf PERFORM 


thfr f PtreSion ml ended by :he programmer te„ and exaclly how the program implements this operation. 
The syslem cannot represent bath Eh# operation pf the program and 1 he intended Operation of 
the program ^ilh cne description if if thinks there are any differences Stelween Shern Any 
difference!? it ever finds are reported a$ bugs, 

11.2.1 FINDING 0UGS STATICALLY 


The sy?1em uses the progr 3 rp.T;er''i annotation as a guide for developing a description Of the 
Ooe r a1iQrt at e program. After this is accomplished; the annotation, and general knowledge about wnal 
moces ol op C r 3 |ion are reasonable, are checked against the operation &F (he program. The system 
l-i*s .0 justify th*3 the intentions af the p-c-grammer are realized in Ihe program 

Looking at a particular steini, the system may prove thal it is valid. In that case, fme. On many 
Occasions, the system will not De able to came ;o 3 ny conduSEpn about the validity of a claim, in that 
case, the system just bel eves the claim true, wills remembering that il is Urvsudst a dialed. 

Alternately, the system may bs sole to prove that the claim is invalid. ]n th?t case, the system 
reports this as a bug. These bugs, which are found via pre-eHsCuliOr. analysis of the program are 
the subject Of this section. 

nere are several genera claims which can oe assumed 1b be intentions oi the programmer fat 
east with regard Eo simple mal hematic at FORTRAN programs). These cla ms can oe used Id uncover 
ma ny bugs. 


One claim is that Ihe extrinsic prercc;uisilcs o? every segment .must be sstrsfied. This is to 5 py 
thil no programmer wilt deliberately use a sejment with inputs outside its staled domain of 
applicability. Testing this claim at Ihe oeginnin* oi every use of every segment leads to the detection 

o J bugs such es intompaliole subrouting arguments, using, the wrong variable name, leaving out special 
case checks, etc, 

Anct'ier g.#nera claim is thgl Ihe safisfactidh Of the extrinsic prerequisites for Ihe use of a 
segment must imply Ihe satisfaction ol ihe Sntnns.c prerequisites- of the segment, [n a similar vein, 
the intense assertions of a segment musl imply the extrinsic assertions of lhai segment. That is to 
say, Ihe segment must be Capable o! what 11 has been ashed to do, These claims uncover bugs based 
on a misunderstanding of ihe inherent abilities of m segmeral, 

Id addition, there ere olher mar# specific claims- Claims such so loops must termiria3e- 
uni ml i allied variables sanryjl be react or rtturwd, etc. Many of ihese can be handled by properly 
slating Ihp prerequisites 0 J Ihe primitive constructs. 

The realiy interesting bug utter hen invohei, comparing, what the programmer said should 
happen with whet does happen. Consider Ihe example program, RKL. inasmuch as it Is a published 
program jhit people have seen using for yoars, i! has no bugs in it which <,m lead td catastrophic 
failure o J the program, .-iQwevpr, i: dees npl operate .n Ihe manner thal Ihe comment dearly indicate 
that <1 shouid. 

■dr enampfr, #n examination pf Ihe program readily shows thal the comment in lines (20-21} 
does not correspond with the ooeralipn of the program, The cOmmenl cteirfy slates that K |>%f ^ 
ANSY=Yt ard thal H[=0 - AN5Y-0.0. The way Ihe program Operates is +hpt XJiXf AN$K=Y] antf that 
A.JSY=3,9 on y if H]=fl a Xl*Xr. it can ba seen I hat this i$ * bug in the coa-n-gnt, not <n the program, 

. he mode of Operation indicated by Ihe comment is impossible sonce XteXF and ate not mutually 
exclusive conditions. It is also dear that this Is a minor bug, as long as tome olher programmer does 
out take the commenl seriously and wr^te another program which depends on ihe lact that -* 

ANSY^E.0. 


A more serious bug is involved with trie search scheme embodied in lines (SI-3S), This 

segment uses repeated interpolations to seek o u | YWEW such thal F(XNEW^YF, It is oasicaNy just a 

si ghtly unproved version oi a halv ng search (in wmch line would be HNE'.Vx(XNL-KN)/2). The iiey 
to the method Is thal 3he interval {XN,XNtl) aiways conU.ns a rest ot F(X)-YF and that the size Of Ihe 
jfllervai decreases at ca^ch siep. The simple maLvirg search is guaranieed to improve the accuracy o.f 
toe result by a iaclcr of 102J in 10 jtarations. 

The search atarts with YF in the intervu.1 {YN.YWl) (mate the comment line 20}. A new value pf Y 

ts ealeu aled (YNlcWf and I hen the tesl io line 93 :s used Id oetermine whether YF is in the interval 


Richard C. Waters 


23 


ir. the tasks the system caw perform 


iYKYNEVJ> Qr Ihc interval (YNEWjML), Thi-i inlenlion Is indcaled by Ihe comments in [ines fBS,91.95). 

he problem. is tost the particular p r frdicete chosen to make Ihe dele'minglion will work correctly 
Only when YtiKYNl. If YW'YNl, il consistently makes the w'Ong choice. As a result She search will 
only work in the intended fashion when YAKYNl. This, however, 15 pot assured. 

The J orm of the test in lira 67, wnich performs a similar I unction, indicates that ihe programmer 
did not inlend io hm.t RKl 10 working on nQnolunicalty ine*e»$ing functions onty. Therefore it it 
probab y the test in lint 93 ivh'ch s in error, and should be changed 

W th this bug, Ihc interval {XNjXM) i-s no lorjer guaranteed lo decrease in sie-s, &r to even 
contim e rpol oF F(K)-YF. Tms. would ie-a-d to tons derate trcub e H it were no! for the fact that the 
search segment it robust, first, line 84 can extrapolate as welt as interpolate. Second, the segment 
implemented by lines will work fine with HKBV<0. Third, the segment implemented by lines 

{$£-&?> tends to create an intend (Yf^YNi) coni a mi ns * rog| ol F(X)-YF where YtNflWi. As a result 
cf this, after thrashing in the first couple oF iterations, Ihe search begins to work more or lass 
tflrreclly. : his is probably why fh.s bug. was never found. Only ra r e palho Dgic&l function's Can Cause 
C a'aslrdohic failure OF the search, 

i his is an example of a delin te bug I hat can be detected by comparing She operation pf the 
program with .he inlent (ins cf the progremmer, bu! which is almost impossible SO delect by looking at 
the performance of the program fiXl on test data. 

The program RKJ has several Other bugs similar to the two died above. 

II.2.S FINDING BUGS DYNAMICALLY 

The system reports a bug $Uti»Hy when il s able to disprove a general claim, or o claim mpdo 
by lha programmer, aocut t".e program, However, Ihe system epe? not have an ela&arale deduction 
mechan sm. [t uS£s mam y patten matching and trial by eg ample. A.s s result, il is often reduced to 
accepting a claim pri Faith. 

The proposed system has tne added ab lily tc execute a program n a careful mode where it 
cor-tinijally checks all Ih-e claims t was ndt ab-e to prove valid. This is essentially just letting a user 
OF the program indirectly surest what data hams snogld be used in order to check the claims by 
means of trial by example. 

tf a discrepancy is discovered, the system proceed? basics ly Ihe same way a? if the bug had 
been found helically through a fortmto-us choice ol trial by example. The ordy differtno* is that the 
partial computation car be used to help u"denLand Ihe bug 

Suppose that the two bugs described in Ihe last section were not found stalieatly. The first 
bug would be detected tfynarr,ically Ihe first lime =!Ki was called with HI"3 and XKXF. Similarly, the 
second hug would be found Ihe first time that the search was initiated with YNKYN 

11.23 UMDERBtANDlMG BUGS. 

The last two sections talked about detecting Ihe eKistenpe of a problem. Once a problem i-& 
detected il eiusl he traced beck So ts source so thal i| can be corrected. 

Most computing environments do a certa n amount of dynamic bug detedion. For instance, they 
continually theck claims such as: non-cxistenl mercery will ndl be referenced, and division by zero 
will rat be attempted. IF, for ex»mp e, an 'legal memory reference occurs* the compuling tnvrronmer-t 
reoorts this as a problem. The programmer Ihbn bagins Ihe involved process of find ng the source of 
th* bug. This system starts Out more than h»l J way cars with Ihis process because the problems it 
finds ?ir 0 at a much higher , apical level. 

A useful system should be able to converse ^ilh s user about a bug. just as it can about a 
program. ]n addifion, il should be able to presenl the issues involved so that the user can make 
decisions abo ut whal shoo id be char^nd. 

The system. d^tert*iines what the .relevant issues are by asking itself questions. It asks whetfier 
there was any justification for Ihe cla m which h fl5 just turned oul to be false, tf so, this juslificatipn 
is obviously spurious. The system tries to see whether any oarl of it hjp gn Obvious weakness. 
Dependma pn the type of error, ihe system determines w.njt Ihe other segments involved sre. Fdt 


Richard C. Walers 


2 L 


JL THE TASKS THE SYSTEM CAN PERFORM 


instant?, what is "he source of the variant nput or wrip will rneciv? Ihe var an! output. 

Consic?i' Ihe Mrs! bus. in RK3 d.seusscd above. Suppose that the system d stovers statically 
Thai when XlYXF and H\*%, ANSY-YE thou?:-, the comment in line 2] claims Shat ANSY should equal 3.0. 
The s/stem neigh! report Ehi? js Follows: 

■ oere is a- de sc re-panc y belweer the v-mut- pi ANSY returned by the 
program, and Ihe comment on Lne 21. When XEaXF anti Hj=0, ANSY=YL which :s rot 
neccesssrily equal t* 3.0 even though H]-&. 

The above identifies the error, but it is net enough, 'he system should prese.nl a more 
complete cescr.pF-.of. of what is going * n as follows; 

Tha top level slruclUfe oi the prOgrrirr, fiKl 1 , 5 . a CONO XOR (se“ sett ion 

111 . 3 . 3 . 21 , 

"[EF XliXF THEN ,, ELSE [[F Mt-8 THEN „ ELSE... ]]" 

This i-mpliej that (KL-3 a XKXFi -* ANSY^S.0. 

On the other handj t.ne comments On l>nes (26,21) indicate that the loo lavg-l 
struejyre ql Ihe program was intended lo be either an AND (set motion 3E1.&L1). 

h [EF xraxF then ... ] and [if hi- a then ... ] and _ - 

Or a CASE XOR (see section [JE-3,2.I>. 

'select Ihe One applicable case and perlprn the corresponding computation 
CAB El X[£XF THEN ... CASE2 Hi=0 THEN ... CASES XIOiF A Hi*0 THEN - 
With either structure HE-G should always imply fal AM&Y-0.0. 

Tfii^ describes trie true nature of the destrepanty between the program and its annoTofibh. 
the system should go on Fc volunteer added relevant information such as: 


XliX 17 and HE-0 are not mutually exclusive situation;. 

As a resell, a CASE XOR is nol reasonjib:? as Ihe lap level plan for RKI, 

Further,, wher. both conditions hold, it it not possible for AHEY to equal 0.3 as 
required by line 2) and to also equal YE as required by line 23 when YEyB.E, no 
rtiatter how the program .s implemented. 

This last statement points oirectly at Ihe cause of the problem. The system has noticed that 
fh* comments or. i n*s (23,2].) are actually bootradiftd J y. The most reasanab e way to fix this pus is 
to Charge the cormertts smee I hey ere unreasonable, 

The system Should give a similar in depth analyse df the second bug in RKL Suppose that the 
system found 1 his- bug dynamically, ct migrit say sOmelh n g such as: 

The comment on line 91 md.eates that it is a prerequisite of the segment 
implemenled by Imes {92,?3) Lh^F YF be belweeo Y,\£w *nd YN1. tn the curren! 
iituati&n this is nol Ihe ease even though axe cut ion ol tne seg**n( imp e.-nenled by 
lines (92,53) is aoout to begin. 

El ShOu d be rote d that the test on I me 90 tested only (hat YNEW^YF. The 
programmer implied that il could be proven that YF is between YNEW and YN1 
whenever YF was between YN and YNL and YNEW^YF, ’pis is abvipujly opt the 
Case. 

The system first describes the conflict whicn has arisen. Then it identities the theorem which 
had teem used to |ustify that XF who Jd Imfetd op ooiween YNEW and YN1. 

El should be r.oted that Ihe system probably would r* 0 l be able to develop such a pilhy 
justify a Mbo From Ihe program 35 il stands. The system would start with a justification based On all 01 
the prerequisites OF the segment {lines: SJ-9S), all 01 the assertions of She segment {lines: SA-S3), 
and the assertions of Ime 56. This contains a, lot of irrelevant ir-fOrmaiion. 3n order to disiiU 1h:s down 


Richard C. Waters 


22 


t]> the tasks ti-e system can perform 


td s concise justification, the system would preO-abiiy reed aisiEa-nCe fro-m Ihe user, Fof instance, ihe 
system might ask, "Why dees Ihe fqcf tnal YNEW<YF 1rom lira 90 imply lha! YF n be-tween YNEW and 
YN], as reauired by lira- 9i r :"' The user might answer "Bemuse Y r 15 between YNl and YNL,’ 

Anpfhgr piece dl intorm alien th* system-mutd give Ihe user would oe % counter example. The 
system could use the values 'hat "he var abtes current y have from the partial computation la guide it 
in the selection of a counter example to Ihe aoove theorem w-.r- would illustrate the pro ole w. 


For example, if YN-A, YFh 3 , YN]-], and YNEW 1 -? t*en dearly YF-3 is between 
v N-4 ard YN1 — L and YIvlW -2 is ess thar, YF=3, however, ¥F-=3 is not between 
YjNEW- 2 and YN]-1, 

The user coyl^ ask for more informatton if he desired, in order Id decide whether the test on line 93 
Should be -mange d, at * prerequ site requiring thal YNsYNL shoufd 00 added Id Lhe search. 

11-3 UNDERSTANDS MQP[F [CATIONS 

Tnert are two main aspects of modification: deleliOr, and insertion. When something is deleted, 
the system musl as*, itself wlraf depended On the existence of the deleted section, whjt loose endi 
have been loft tangling. 3f there arc no oose erds, Ihen Ihe section must not have bcc-h used lor 
anything. 

'When 5 section is inserted' the system must ask itself two questions, "What contribution is this 
section going to f ake?" *rd "What problems is it going to cause?" The system car. get hints about 
the answer to the firs' cuesE or- oy knowing that a sechon is replacing another, cr supposedly (iying a 
bug. 

There are many potential problems that a modification may causa. Control or dale flow paths 
may be disrupted. Needed assertions may be cele-Eed or ccntrau Lied. This could cause justifications 
to boCQmc irwa id. It can be seen tojf a lol ol work u required h order to assess [he ramifications of 
a modification, however, should *lao PC noted that a Id Cf Ihis same type of work is required when 
the system analyzes the program in Ihe fir si piste 

Consider come examp es of how "ne system x j=hl respond 1u a suggested moditicalioru 

2&J What wou 7o happen if 1 ine -Jo weya deleted? 

[r, the s.tuat o!"s wnere XtiXF ar HI^E, tho argument to RK) corresponding to 
the variable ]£R would be returned unmodified. Tn s contradicts Ihe cdmmenls 
or Mines {] 7, [ £,£0,21) which slates Inat LER should be EJ. 

25} What would happen if Jfftd JJ ivShc changed to 
“J.F (XF'XIj 11,12,12*? 

"be new pregram would be d.fterent m that th s segment {lines: 32-33} woyld 
Orly be executed when X]>XF and the re si of the pregram would be eyeculed 
when XI*XF as well as when XNXF. 

When X]=XF ard H|-0, |hen ]ER woLld eq^al 1 and ANSY would oqual 0.8 
whereas, ]ERr3 ar-fd ANSY-YJ in the unmfldi) ed program. 

When X[-XF and H]r0, il seems £E*Bynh j (the system) cannot prove it) that it is 
still the case that ANSX*XL and ANSY-YE as required by the comment on lire 28. 

2?) Wd(i£ fs your justification for the fait statement? 

Assuming, X|=X? and HlY 8 , tnen for all cf the examples 1 (Ihe system) have tried, 
that iopp (lines: Aq-53, 6?-? 1) Terminates on the first iteration with 
XUH-Xt+KMEW^KF, Th s causes Ihis segment (hnes.: 60-6d} to ba executed. 

Again for all of ihe values E (the system) have chosen, HNEW-0 and tberetere 
AIVBX-XX-XN+a-XMF and AWSY-fY-FsXxt-FfXiJ-Yl. 

Et Is entirety possible that the system would actually be able Id prove the assertion. It is 


Richard C. Waters 


][. THE TASKS THE SYSTEM CAM PERFORM 


23 


int*r«linB however tfiat I he very simple deduttiv* methods, Inal by and aybsl itirt.sn at 

6duals, lead ,C a such lucid explanation Of what it happening, 

*bove N&W COnSlder " >0dj|l<c * tlCns which ™-3 h E he p^posed ?* fixes Far th« two bugs in RK1 discussed 


What iwop-Td happen if line 22 were changed to 

l c otmmzse if nuum then , ansx.-m, rn ansy^.o"? 

hi& would eliminate the bug by removing Ihe tonfiicl between the Old line £| 
and the top level structure ail the program, 

Mdle, comrnenls as well as code nay be modified. 

29} W hat if the test in ?fos 90 were Changed £o 
”If (YF-YNEW) 120 , 250 , 139 *? 

1 (the system* assume you intend to claim that M is hue lhal when XF is 
between YM and YN] and YF^YMEW Ihen YF | 4 between Y,\EM and YN1 
This is true to* the orempie whrch brought up Ihe bug. However, it also has 
counter-examples tor instance, when YN=], YF*2, YMlW- 3 and VNl-4. 

30} Uhat if the test line 90 is changed to 
“If {(YNF.W-YF)x{ YF-YtU}) 13 QJ 5 Q. 12 Q"? 

As far as I {(he system) can Jell, this lixes Ihe bus without disrupting any of the 
dtrier uses of line I)?. 


Richard C. Water* 


24 


j! !■ i DECOMPOSITION OF A PROGRAM 


TIL MOW THE SYSTEM WORKS 

This paper is a proposal. As a re$u t f 1 hi-s. aeclion claims Id be neither compile r>qr complete!/ 
acc urate, ,t Oply tries lo show Ihai it should be possible La ech eve the behavior described in the 
rest Ql Sh e paoer, Wilh this in mmo, consider !ne fa,tawing osscriPt on pi hew the syslem might 
work. 

Thp system constructs 5 logical structure, the gra'xd plan, for a program, This structure shows 
how Ihe problem pf achievirg ihe goal of rhe entire prggrsrv: is reduced, through (he program, Ip 
subprpbiems wh eh can be achieved by primitive programs iva leti,e in the programming environment. 

1 he grand plan is a tree. Each- nqd-e s a plan evplaining hpw a goal is decomposed into 
eubgoals, the plans for which are. ihe daughters d' Ihe node. The leave* Ore goal* ach evaole by 
primitive programs. 

Eoch pa r .. o tne program t s linked with tre oiecei.s) ot Ihe grand plan, wnichi il smplements. 
Each pail is espia oed by th>s link. Questions about a pari of the progran are referred to Ihe 
ccrrespOhdirg pari of Ihe grand plan : n order to be answered. 

]J!rl DECOMPOSITION OF A PROGRAM 

A program is decomposed into sect ons lolipwirg. She structure of its grand plan. 

IIE r 1,1 SEGMENTS 

Toe goal associated wilh a node, or leal, of the grind plan is referred la at a "segment of the 
main soil- The sel bl parts bf the program wtveh are iJSOCiitftd with this node, *nd if* dtCflndanfs, 
is re Ter red to as a "segment qt the program," the prog ran-, segment which implement; (he goal 
segment, [n this paper the term "■segment" is used ta refer ;o balh the goai segment *nd the 
corresponding program segment. 

In general, a program will have a basic lrep-tikp s’rudure closely p.iral rl to the struclure of ils 
grama pi in. However, many trensfqrmat ons are commonly applied to a program in order tq incrg-ase 
Ms efficiency teec soclion 1C1.U3X These Sraiwidrmatiani obscure the bas c parallel. As a retuM, *. 
program segment need rot oe a simple continuous piece cd the program, J[ may be spread here amcS 
Ihcre throujn Ihe code, tn add lion, one piece at code may bo contained rrv several logically 
non-qve Napping segments. 

The cede for a jiven se^mcnf, wilh Ihe rest of the program deielec, farm* a new prdgrarr- 
wnich implements tha corresponding gool. further, if is a properly pi the way this system c.hqq*us 
segments lhat each sogmgnl has only one enlry and oniy one e*i| pal*,, [r, clher words, no 
information ns encoded in the flow qf control into or out qf i segment. Each segment of a program is 
described by a behavioral descript on (see sec hen JL3.2.]}. 

IIM.1.1 a small example 

Thir* seelibn presents an example Of the rclalionshia between a program arid it* grand plan, 
Section II3.4.S disou**e* tha grand plan tor a more ednp ex program. 

Carsiaer a segment of cade which eompules the roots af a quadratic polynomial which i* 
assumed lo have reaL rools. It ta*as as input tne weftidsnla A, B, and C and oulpuls the cools Rl 
and i?£. 

D ■ EGRi '!R+*2-"4!fAwCl 
.Rl 1 t-E^Dt/ t£*A;- 
H2 - (-B-Dt/f^WU 

Fig 3: A program wtuCh tirds the racts of a puadralic polynomial. 

The fall owing L* a passible grand plan for this program. Each node has a naTe of the form Qr% 


Richard C. Waites 


Zb 


tli.l DECGWPOSITEON OF A PROGRAM 


Tht npdc specif-es tne gcai which if a-cheve-t, -a.Td a pl.m Ipr hpw to ac.nie v ft it. 


Sli "calculi* the roots' 1 to do this mt-n^'e GZ and 03 

S2: "celculste FtsI root" ccmpcsc t.ne gea's G4 and G5 

G4: "calculllfl the square rDot 'em" D^SCSTi;tltt2-4*A*0) 

G5: Vt the Urst rOtf* 

G3: "eelculale ceco-nd root" compose |he goals 06 and G7 

26: ‘calculate I he square real term'' D-^SOPi'CBf^ Z-4+A+CJ 
27: ‘‘get the second real" RL-i-B-Sli/(2tA) 

Fig A grand plan For iinoing the roots 0 J a quacra1ic polynomial 

The Fmel figure in this section shows how the program is segmented, arvd how these segments 
correspon-d to goals in the grand- plan. 


pregrah segments 

PI P2 P.3 P4 P& 

PI P2 P£ 

PI P3 ?7 


code 

0 - 5QRT(B**2-<i*A*C) 
FI - E-&+D]/t2*A) 

R2 - [-B-DJ/t2*A> 


Fjg 5: Th.s shows the correspondent: oelween the program arvd the grand 
p am. i me program segment Pi achieves Ihe .^oal 21. The program segment name 
appears bet ore each i-e contained nit. 


INdle that Coe 15 iaclQr ng (see sect on [] [, 113 , 3 }, segment P3 is rvpt continuous, and the first tine 
implemenls bolh P4 and P6 h which are logically non-overlapping segments. 

[[[.1.2 CONNECTIVE TISSUE 


Consider a program segment P corresponding lo a goal 3. The segment P cpnlains subsegments 
Pi which ach eve ihe- sungdals 0 of G- The sejminl P also cdnSa ns code which is net contained Jh 
spy subsegment. This excess code is connective 1'ssuc. Lt is Ihe cement which bnds subsegments 
together to Jorm » larger segment achieving » more cOmp-ex' gdaT. 

The goal of a segment is achieved by executing a set g( subsegments, Ho waver, the 
subsegments are not just executed in a vacuum. They musl have informal ion conveyed to them, irpm 
Them, and between them, [n addd iO 1 ', they musI oe executed m ihe correct sequence. 

HU. 2.1 DATA FLOW CONNECTIVE TISSUE 

Gala Mow connective tissue carries cal a items between segments, It carries data from the 
output ot o-ne segment to tne iotpul of another segment, from the output oi a subSGgme-n1 lo the 
Output of the containing segment, anc from Ihe np„t pi a augment to the npul of & suose^meot. 

The most common data tlow cprcsTrutls which form Ihese pathways are Subroutine arguments, 
returned Values, free a F ,d bound variables, and assignment. These constructs can be chained together 
sp tnat a Saturn can fblla-w a path consisting ol many sections from its source to its deslmalion. 

]II. 1-2-2 QONIHGL FLOW CONNECTIVE TISSUE 

Static cpnlr&l How connectives, such as GOTO, CALL, RETJPN, and physical sequential placemerit 
Of statements, fjaj a pattern Of execution. [n addilion, dymm c control Flow connectives, such as GO 
and various [Ft, perform computations by varying Ihe natlern OF execution. Tn this System, the Key 
actions of dynamic cpnlrdt Tlow a*® captured in the nation of a predicate, which is used explicitly «ft 
several pEan types. 

A predicate is a hybrid construct formed by wrapping a segment in dynamic control (low 


Richard C. Wal e t $ 


EJE.l DECOWPOSITIQW Of A PRCvRAM 


2 & 


constructs. A predicate has no pl.itiS outputs, however it causes centr-pl to exit via one of two 
paths. On ant path it make* the output; aiserlion P and an the other -P. Th* output is in effect 
encoded in the flow of control. 

Fred cates are Only used in esrlain pan types, where the way they contribute to the overeSI 
goal is made explicit, ih s make* it easier to understand ‘ho- function OF predicates. 

I IE, 1,3 PRC SR At/ TRAN$FQf!MAT[0ffS 

One of the Ernest prob em= in recognizing the basic structure of a program is that, for a 
variety Of reasons, pieces Ot the code arp shuffled around wren ihe baste p!an is implemented. The 
primary rpotivation for (hi* 15 economy. Pieces ar? moved so that tney need not be redundantly 
executed- Pieces are also often ironed so ti-.sl Ihcy need nol be redundantly written, even if this 
l^C reases execution lime. 

The transformed program performs Ihe same essenlial c^lculalidn. However, it usually has 
incidental d 'ferenc.es, ccmp ex t-es, and reduncanies which may lead !0 hugs when it is modified, or 
incorporated in a larger program. 

This system o^terr-pl* lo oetecl transformations as «t deve ops the gr-ard pian fbc a program. It 
continually tries to- gel at the underlying logical structure Ot a program. 

I] 3.1.3.1 REARRANGE MEN! 

Consider Ihe prim live pieces ot code which form a program, They form indivisible units 
imp Omen-ting tne logics, segments which jre loaves ot the grand pan, Connective t ssue links these 
p-i-Cces together nlo a program. Trig- CQnlrQl f uw connective ; s$uc |l Orns a drected graph, each nooc 
of which is executed only in a certain sgt Of situations. 

A given piece at code can usually he pul in any of several pavilions in Ihe fiaw of control. 3n 
feet, the placement is constrained in only two ways. First the data links provide a partial Ordering for 
the fundamental pieces ot code. A piece Ot coo-e must oe situated so thal it IdIIows (in the order of 
execution) any piece of code which providers dale tor it, ana precedos tin Ihe order of execution) any 
piece o' cede which uses cala output from it, Secondly, the grand plan specifies what subset of 
fiilciOlidns each piece of code shpu d oe executed ir, A p ece oJ code Is constrained to odsilions in the 
control flew which cause xrxeculiOr, only in Ihe correct situations. Thai is lo say, a piece OF code 
which should only be executed some QF the times Inat the program as a whole is executed (f&r 
example one of the slier natives or in JF), must be pul in a section ot Ihe topological control flow 
structure which i= executed at r ust trose times. 

Ciearfy the Eranct plen only loosely r«|ricta the posilian cf the pieces Of code. One reasonable 
w*y ip decide on the exact sequence Is to require Ihet pieces of code which implement the same 
logitoJ segment be together, This makes Ihe relationship between the grand plan *ind ih* prpgxam 
dear, but it is sometimes wasteful. 

.t should be mentioned" that programmers, -often desire even mere flexibility in placement than 
thjf which is described above There is no way lo jot around Ihe data flow tonslrflinls except for 
changing the a goritnra, and Hence the grand pi a-, however, 1 h^ control constraints can be IbC-sened 
3t is possible to position a piece OT code so 'hat it is executed too often, as long as its results car, be 
ignored in the extra cases. For instance, they can be ignored if, m the extra cases, another section Of 
•code overrides Ihem. 

ft should be noted that stretching the grounds tor rearrangement in this way is dangerous. It 
can lead id bugs bemuse it creates extraneous situations which are peripheral tp the main goal. 
Things cOme into being whose 50 0 fu-nclioui is to fix th ngs up otter something has be-en moved. 
These things ten easily get m s laid or misuntfe-rslood, causing bugs. 

::e.j,3.e SUBSTITUTION 

A sect on of code can always be substituted tor another section ot codn as Sung as if does 
exactly the seme thing in the- giver situation. This is not terribly useful. However, n section of cOce 


Rithird C Waters 


21 


L 3 L 1 DECOMPOSITION OF A PROGRAM 


tan -also bQ substituted if it does nO p e tnan is required is long as the extra work. tan be ignored, It 
Cflft be ignored by eilher throwing it away, or by give'riding if at a later time. Thi& type fif 
Subslilutifin is uselul in u’iliimg pre-exi sling sections of code- II is also useM ini prompting 
facToriEat On (see below). 

Jusl as m rearrangement, stretchy ihe silualicm can lead to later troubles. For instance, tne 
requirements far lanorng the extra work dan easily gel lost in the shuttle because Ihey are 
periphera to the main task. A so same other program nay eventually cfime !fi deperd an fire fil Ihe 
nxlrsneous tenures. This can lead to Suture problems, s nee Ihe a : r ginal program does net guarantee 
the extraneous features, they may gp away at any time. 

There is 4 Special -case D’ tubr.ti|ij:iOn which deserves nale. CMten the grand pl*n will salt lor a 
general routine, however, tnp Equation make-t it clear 1 ha ( I ho eel ions ot the routine will be limited la 
a aybsel fil ils normal ad ions., ]n this situation, a more restricted routine can be subsl-Tuted. 
Sometimes the routine can be eliminated on: rely oecause its inputs are so heavily const* pined that 
Oniy ore of the oulpuls is possible. 

US-1,35 FACTORING IN SPACE 

Hera, two Or more identical sections Ol cOce are reolacsd by one instance of the section of 
code, -his saves redundancy in writing Che program. Consider two sections fit code which have the 
some specifications, amd which are n pa r ai.leE posit an? in the flow of control, That is to say, ir- a 
given situation eitner one, Out nol odth, of the sec lions a executed, Tne IwO section's can be 
reptacetf by fire section (identical! to them! m a position. that is executed in just the umfin of th-e 
situat ons Jhjt the Original two were executed ih, In adoit^On^ of course, this new posilion must be 
such that the data flow restrict or.s are met. 


-■ a 

A 

Ml i - AS 

Y 

■- c 


Fig. 6: Two idenlical pieces of coda at Ai and A£ car be factored forward 
1c position 0, fir backward to posit on C, as long as the new posilifin is cfinsislenl 
with data flow constraints. 


Both fif She methods of si retching discussed above can be used here to promote factoring. 
First, substitution can be used to make -diss mil a? pieces of code idenlical. Second, a segment cars be 
Factored to a ppin] that is executed tco otten as long as the resulle can be ignored in the additional 
situations. Finally, factoring can be gsneral-zed to factoring op; ot n parallel p-fisilifins, rather than 
just two. 

It should be noted lhal factoring is a process which Closes one p'ece of cede to perform two 
or more furtttiGns wnich are log cally unrelated A factored piece dF code performs all of the adions 
which were performed by ils antecedent* as * group, Smce the antecedents were in parallel 
positions, their action? were associated with logically dist net situations, 

III.l 3.4 FACTORED [f| T[ME 

Here a sett on ot code can be moved out ol a position, wnere it it execuleo many times, to one 
wnere it is executed Only once, as long a; the result of As execution is the same each time i| is 






fficharef C, Waters 


iKl DECOMPOSITION OF A PROGRAM 


2S 


I? a r htt Tr\ 5 ' 3h,i iS nn0v,n2 Put of a loop. However if should he 

zzrz: r«:: i:zzi‘: ^ - ine 


- 6 


• & 

- A1 



INI 

< 

- 1 - 


i 

> 

i—*■ 

-■ c 

i 


c 


Fig 7: PrscBs £>l code with identical rcsuils (sweb as those at A3 and A 2) can 

bd I^POraly littered f&rwaid to 3 gr Sachward to C as teng as data ftew 
constraints art rntt. 

mutgt ; bvi0Utl ^ ?ub -« f t0 the reslfIctidnB as spatial Coring. Th 0 mounts 

Q , ri _ ... * ,e Qa * f ' 0w constraints, ana the new Design must be executed every lime any of the 

“=«"l'“»d e Were idd '" 4n ' * S “” a - ,h ^ ! - ^ a -d V ss ^r £ L tJ n 

rssuliJLf 1ha1 1hl * T^Pa of '«TC,rins usuaU y enly occurs termed, [n the figure if the 

results of A a and A2 are rsp( used until alter P c,n! C, Iben A1 is ctearly redundant/ 

111-1.3,5 MOVING COMPUTATION BETWEEN THE CODE AAO THE FLOW OF CONTROL 

the r SS .r kh T eiln * r be ^ faction*, or directly implemented in 

t „ na ; e a , t . ' ' a ra ' 5 '^ lD,JW3rd S 5 ,, * tr '®l* cf lh .4 js a Logical connective such *t AND nr OR For 

Swrate t* If* hrwl? V t K* COgd be fm P l * lwnl ^ U5ir, S °ne Jogicat tmesion, or by us in* two 
separa.e tests branching to the same place. This system should be sole to recognise that these two 
implementations perform essentially lhe same computation, 

? 11 Jn °! h r V Y \ ilDii1,an in [Ke ^ Di CCintrCl ^ used to encode Information 
a van hi- ir J ' f ' JFSt tes1 flbQv0> - A * r °E™er can chonse to encode this infernal ml in 
h ^ f v ?' UB init(?3d - Thls usually leads !c a simplification of the flaw of control 

Another good example of this is in She UEe of l Wp s tees seclion 30 3 4) 

,, e " 'i'l b *"Cl e '"' n " d in lhe ,|W 01 «*« "*» » -wrtr tenside.dble (l.*ibill»y 

“ d "" en ^ * lh ** - !Fi - s*™*** — «" * 

,„'*’*“* M ; ™rn*N »»5 a t"P<» trsnclilne IF. This fji, c‘t,„ be used Id indl.msnl two 
d bml ' 1 ' ch °' c6! - »,is ,s partidoiirljr [S nf U iin 3 whe» lbs two trai,,, a „ losicslly unftlsted. 

111,1.3.6 MOVING COMPUTATION BETWEEN T^E CCOE AND THE CAT A FLOW 

■ e feiliB ?i basi i“J f aSata ftow ^ sth is to fFananut a datum from one ptece ta another. When this 
o traHk! ' th T 15 n0 ’ ? " 0<Jlfltd by if£ J&urne >’- town, dite tlow paths can be cQmlructed 

”l te t Wh&n tWs ^ «se-, the balum which exits Iram the path n!*y 

n&! 5e vh * as tne ore which entered lhe path, ^ r 

ta _ k/ITJ/T/S VBr '°S deV ‘ CeSr SUCb “ E ^ subroutine with arguments of nonmatching types. 
Can be m t d to armg oiffergnl sets of access functions jnto play at the two ends of a nalh H 

p«t!!”Th,rtv««m"tri°.r tf* J ‘ ad “ !, ? ra snd r£,, *" s a ds! ™' » *» bs Issnslerrsed 3 y Iho a.:. 

F«.t«rJ h ?h I f 15 a$ eifp ClS Efansfn ™*^ns had been used. This h 3& lhe' effect Of 

factor-ng Ine computation back out pf the date flew. 









Richard C. Waters 


29 


[][.J DECOMPOSITION OF A PROGRAM 


D^ld 11 aw paths, can aka be usee as a syntactic method I Or s peril y mg. that certain c driver 5 ions, 
ihouln be perform*dL For instance the statement *S°Q" {wh*rtr S is single precision and D is double 
prec sion> W-ll Cause the FORTRAN ctmp ler Ip inserl a conversion From double to Singly precision, 
This syslem just treats 1 hi 5 as if Ihe conversion was C-xpl«c<5ly slated in 1 he f<rst place. 

FORTRAN has the powerful constructs "EQUEVALENCE" and "COMMON" which cause Iwo or mor« 
variables to refer lo the 5 a ire section of memory. They can be used Is cause different sels of access 
funclidns la be used On I he sane datum, ®nd lor other useful things. However, Ihey can also bring 
aboot opaqje end cos-p.ex side efiECts. Initially, Ihij system will not try 1o deal with the difficulties 
associated with EQUIVALENCE and £OMMQ\. It will assume that every va r iable is ci&tincl, i.£, that Ihe 
value held by a variable can never be mod f-Ed oy an operation on a variable with a difle-'ent narne. 

Another issue ts brought up by arrays, whch are the only npn-alorniE data item available in 
"OR7RAN. One way lb look at an array reference is lhat it it 3 function which tskes two 

arguments, the array and I he index, and rclurns a reference to the element of She array, Another 
way Ip ip-bk at it is as a njrng For tns selected item, and hence a cal a ffow path for that item alone. 
1 he second approach has the advantage I hat, when reiriev ng and storing, a value in an array element, 
iE captures the notifln that the other elements a" I he array are unaflected. ]n the firsl view, the 
array indexing ■& part ot Ihc computation. 3n the second view, it is part o£ She dale (low. 

As a edrerete example of the difference bel w^On the IwO views consider the segment "A{l)-«2." 
Jn the compulation a view, ihis segment lakes two inputs, A and 1, and produces an ou'pul matrix 
which it identical to A .n all elements except the ]’th which is set to 2. ]n the data flow view, the 
segment h^t n* inputs. As an Put pul, it has only the Single element A(I) which happens to be pari of 
an arrey, and Is set lb 2. 

the second approach makes i| easier fo u"der5;a"rd what is going on, but il can only be used, 
when the vaiu-e of I, and hence the identity af A(lh cam be determined at the ticr^ pt thp analysis. In 
particular this means that 3 cannot depend on the value of any datum com-ng from outside of the 
program being analyzed, When analysing the segment above, the system wouid start with the 
computalionpl view, sne then switch to the data flow view il it ciscovered lhat if hnew the valpn of [, 


Richard C. Waters 


UIZ THE descriptive structures USED 


30 


lil2 THE STRUCTURES USED TO DESCRIBE A SEGMENT 

As- was said ^bOve, 'he grand p an For a program show; how the gda ! DF the pr-Ogrpm 15 
decbmoos-ed, step by step, Ip gea s achievable by primitive programs.. Further, each node of Ihe 
^ra.-icS plan is ;i plan explaining how a goa'. is cecomposed info sub»pals, It 5 now time to lock al Ihe 
precise structure of a plan. To 1 hat end, the nesl sethon det&iic the structure ot behavioral 
descriptions. They describe Ihe input/output benavior of segments, and form ?n inlearal pert of 
plans, 

UI.2.1 BEHAVtQRAL DESCRIPTION S 

A behavioral oescr.pt on consists Of live parls: a set Of input items, a set ot output Ite-mS, a i*t 
oi prerequisites, * ■set of assertions, fl-d a mapping, The prerequisites are logical conditions involving 
Ihp input objeds They Musi be mc:1 if tho segment is 1o behave correctly. The assertion? ?re logical 
si elements which are true alter comp eSon of the segment. In terms of the input a no cut put items, 
the assertions say what the segment does when the prerequ $itc£ arp t^L Note particularly, that the 
definition of a behavioral description speaks Cl input and output Moms, not variables, An Item is a 
piece of information (a number or an array or a fu-nct^on} which Is passed between seSmcnts, A 
variable s jut" She mpsl common data flow construct- The mapping specifies when an output item it 
identical to an input item, 

Segment 

VN1 - FfXNl) 

XNi - XN1+0X 

Benavioral description & the segment 
inputs; >:,,nt 

prerequisites: floating number4 (x„ me) 

Outputs: newx, newy, pine 
assertions: llloaling nuticerj (nswx, newy] 
newniry tine 
newy«F(y> 

0mc“inc 

mapping: foinc++inc) 

Fig- S: An example of a behavioral deficr.plipn for a iwO line segment. The 
lower case name? dor example *, inc, news} are names for items, Any similarity 
between these names, and Ihe variable r.anes in the example segment 1 ? just lor 
the convenience Ot Ihe reacer. The system encodes nO inlOrmat-on in the names- 

]f a behavioral descript an accurately describes a segment, then 'F the inputs E-re supplied ard 
the prereoui sites salistied, the Outputs will appear, and the assertions wi I be true, tr order to justify 
the claim that a given behayigr,-i description is accurate, the system must lock at the internal 
structure Of the segment. The mapping; is of assislance since anything which is true of an item under 
One name, is tru* under another name. The system knows, in advance, behavioral descriptions of si I 
of the basic programs available in FORTRAN. 

111,2.1.1 POINTS OF VIEW 

ip be useful, a behavioral description must bo accurate. However, exactly what «s pul into a 
behavioral description is a funrtia", at the purpose to which Ihe behavioral description; wilt be put. 
One segment can be described from many points of view, and several segments can oe described from 
a common point of view. 

There 31-1=1 two key types of points Of view: “intrinsic 1 ' and "eatr ntic." An intrinsic behavioral 


Richard C. Waters 


3-1 


UE.2 THE DESCRIPTIVE STRUCTURES USED 


description descfiDes n segment from gn nlernal point of view. JL reterences nothing external to "he 
segment. Everything it says about t-e seg-rr^en-: S true by virtue of Ihe segment mlarnal workings 
ihd ir, independent Ol where, how, and why the segment is used. 

An extrinsic behavioral description describes a segment from an external point of view, it 
references rtatning internal to the segrrant. 31 dfscri&es Ihe s-egnignt in terns of the eiT-Yif'&nrnenl ot 
ita use. An extrinsic behavioral aescnpf.Dn -s a ; "ly used :n conjunction w th CLher extrinsic behavior a; 
descriptions sharing the samp do n: of view, 

RELATING BEHAVIORAL DESCRIPTIONS 


Giver, two behavioral de-scFipiicns tor a jivcr. segment, it nay by desirable to show Hdw they 
■correspond. his is cpno te specifying, in add! I Iona] mapping which shows how Ihe items mentioned 
J 0 She two descriptions correspond 

The rtCxt figure shows an extrinsic behavioral exemption f* r the SE-g.m«-n1 in (he ok ample 
above. A correspondence mapping is included, as part of i|$ mapping component, which relates it to 
tine intrinsic behavior a] description pi the segment in Ihe previous ligure. 


Segrten t 

HN - HNI 
VN - YNl 
VN1 - FtXNU 
HNI - KMl+flK 


Ejclrmsic description ol Ihe segment 
inputs; x t y, delta* 

pre r e^uisi tss: Ileal irg nym oers (x, y, de It av) 

0-0£x 

tt.fl<de1lix 

outputs: nteislx, nexEy, old*, sidy 
assertions: floating numbers fneDrtx, rwsrty, oldx, oidy) 
nextx-x+dettax 
nexty^FEx) 

Oldii=ii 

Oldy=y 

neit tx^oldx 

driapping; (x+*x r deitgxHr.c, nexty-new*, nexty^newyi old****, Qldy«y} 

FJg 9- This is an example ol sn extrinsic behavioral description pt a use ot 
Ihe segmenl whose intrinsic oehavbral Otsriplion zb given n the last figure. Dai a 
flow connective 1 issue has been added to Create mp it PUlputS. Similarly 
prereq-uis tes have been adeed, y eloing more complex assertions about rexlx. The 
mapping cPmpOnenl consists ol two pads separated by a semicolon. The First pari 
shows how names used in (he extrinsic description map to names used in the 
intrinsic description. The sesonc snows how names in Ihe extrinsic 0e«rip1iOn 
direcHy map together. Anyth,ng wh ch is sa,d of a name is true ler any name it I* 
mapped to and vice versa. Any identity belween extrinsic and intrinsic na/iujs is 
accidental and carries n& informa I ion. The mapp ng carr es the in I prm a I ion. 


. he correspordecrce mapping enables the syslom | 0 use Ihe fact lhat the intrinsic behavioral 
description is accuralc 1o he p s r ,ow that the extrinsic behavioral description is accurate. The 
extrinsic behavioral descriplicn is accurate if t^e intrinsic behavioral desertion L* accurate erd the 
following tour requirements are met. 

First, each, item in the intrinsic inputs musl be mapped to by an element of the extrinsic inputs. 
Second, each element of the extrinsic oulputs ithjeI be mapped tg by an element gf (he intrinsic 


Richard C. Wafer; 


32 


m.2 THE CE5CR]PT1YE STRUCTURES USED 


oulptrts cr pirectly from a member ol Ihe extrinsic inputs. having, an extrinsic output cPmc direclly 
f r C'nn an extrinsic inpul is, n cinRon method of extencmg the intrinsic <ibili%e» d1 i segment. Third, 
fnc eKlrinaic prerequisite*. must in j .piy the in1nns»c prerequisites. [f not, Ihe segment Is be-i-ng 
uneorreclly used. Finally* the nlnns l assertions musl be implied by the intrinsic assertions, anc. thu 
c-Kt-.ns-c prerequisites, [r rot, ‘here is no oasis I or Jssclinj then, 



extrinsic desenpt on 
segment 

intrinsic description 

*1 =*■ If 
*1 U ]£> = *□ 

Kp -» [ p 

>: p I • -• >!* 


X 0 >■; 


Fig. L0. This figure sniws a schematic representation of the relationship 
between intrinsic and extrinsic ftestriplid-.s ol a segment. To (he right, equit ons 
Summarize the Key relaliansh ps amgnj thp exlrinsic and intrinsic inputs, output*., 
prerequisiles, and assert.ons. ThrguJhOul ite rest ol this paper, subscripts will be 
used SO re for So Ihe inputs, Outputs, prerequisites, jnfi assertions of the behavioral 
description of a segment. In the figure, stands 1 or the extrinsic name Q! the 
Segment, and T for the intrinsic name, There lore, stands for the outputs of 
tnid extcmE-ic behavioral description of the segment. 

Hit,2 PLANS 


Tnp plan tor a segment shows how "ht; behavior of ihe segment is produced through the 
combirwd ctforl Ol a set of Eubsegrrents, ]1 cons sis Of four parts. 

Firstly, it lists extrinsic descriptions of Ihe subsegments from a common point of vifcw. These 
describe the behavior Ol the subsegment* in ;he context of (hf outer segment, Secondly, Ihe plan 
includes tie intrinsic descriplion o f Ihe segment as a whae, from ihe san->r point of view. This is She 
goa fo be achieved. Thirdly, there is an indi-ca? bn of tne pten typo of the plan anp of how the 
scibse^meril^ map into the components el that plan type. Finally there is a description of the 
.eleolegital structure oi Ihe plen -he telea ogr-al structure contains the hey inFormalion which allows 
The syslem to know why Ihe program u the way it is. 

For each plan lyp^ (here it a collection pt specific melhoos and inlprmalion fsee section [tl.3S. 
Inis knowledge specifies how subsegments interact in accordance w th the plan type. H shows what 
control and dole flow are required, K^'i importantly, it shows how the extrinsic descriptions of the 
subsearrieots are logically compined in orcer In yield the intrinsic description of the icgnent as a 
whole, .t indicates how lo go about verifying that ihp segment as a whole works correctly, and whal 
sene oF the common bugs are in program using |h} plan type. 

Looking at plan* from another poi,-l ot view, a plan is an instantiation oi a plan typa, The 
extrinsic behavioral descriptions instantiate the subsegments. Data item naming conventions 
instantiate the data fib'*. Subsegment naming conventions spec it y the control flow through reference 
to Ihe plan type, Finally the intrinsic behavioral cescriphon pi the outer segment, together with the 
dcscmpliOn o! the teleological structure, mslar.liale Ihe logical Structure oF the plan Syoe, 

The teleological structure h described using a net of iw* kinds oF links ("purpose,* and 
■reason"). Purpose links specify the purpose of a feature ol the plan, They are Inlcndedi to show 
















Richard C- Waters 


33 


1TE.2 THE DESCRIPTIVE STRUCTURES USED 


why the rnajof design decisions were m^de. £s a res-tilf, o?iy tne mam goal directed leatures have 
purpose link?, It should be noted, thal a feature that dCes nol have an avowed purpose moy slill be 
used as a juslifit a I iOr- for camefhing tf il Is not used ter anylhir.g, Ihgn it is jus! incidental (the/e sire 
many incidental features- in a typical p r ograin;i. In the example plan,, it is not just incidental that the 
lynction F produces a Scaling number Output, however, it 11 not its pu^pOso cither. He purpose is to 
cbrr-pLfe toe funcf on t as required by the intrinsic description 0 ' the outer segno nt. 

Purpose .mks. show outputs designed to become inouls tc other subsegments and/cr outputs of 
Ihe outer segment, ney show assertions satisfying prerequisites Of other subsegmenIs ar.d/cr being 
used to imply as-serlions ol the outer segment's behavioral description, They also shew mpre global 
ideas, for instance, that a particular subsegment isc-ter.-nmes whether a Id Op shoutd terminate. En 
■iddit-cn, purpose links show thal Ihe nputs and prerequisites Of t-"e intrinsic behavioral description 
of tho outer segment are designed to provide for inputs and prerequisites flt subsegments. 

h hc reason links explain why certain things can be claimed. En particular they indicate why the 
assert mis ol .tie intrinsic bB-havipra description of 'lie- o,.-Ik,- segment can be claimed and why the 
prernqyis-tes of the extrinsic behavioral descriptions oF Ihe suDs*gmerfs will qe saMsMed. They show 
the key set -ol assertions !rOm wHch another assertion can be n J erred. 

Taken Together, the r^son links a r e a (race pF a prcoF cF correctness for the Segment, This 
system is unable la venfy thj$ proof because it mj&S take many reason links on faith duo to the fact 
that Lt cannot prove "hat (hoy a r e valid. 


Richard C. WaterE 


34 


HI 2 "HE DESCRIPTIVE STRUCTURES USED 


Segment 

YN1 - F i K*41 ? 
XNl - HNi-DX 


Plan for 

(ID REA 

1 - 

2 
2 
k 

jm 

5 


u - 

~ 13 


.. :j 


S - 

7 12 
S - 
3 - 
10 - 


11 - 
12 - 

13 - 

14 4,9 

LS 10 

5 


IS 


Ik- segment which, is cf type AM} 

PUn I Extrinsic de-scr.piior. ol par I At pi A (F> 

Inputs: x 

prerequisites: Floating number (h) 

Outpuls: newy 

assort,pnj; Floaling number (newy) 
newy*."(}{> 

mapp ng,: CnewK«ar^.L f newy^relurn^vaJLie^ 

Exl rinse description of Part A2 of A ji-J 

inputs: x, irt>; 

prerequisites: iloatiop. numbers (k, incj 
Outputs: newx 

liadrliO"?; floating number (n^wx! 1 
ncws-x+inc 

mapping: ■|K++!irgL 1 mc^argS, newx++re1urn_valuetJ 
InrrifltiC description of part A ct A (the whole oegmonll 
inputs; If, me 

prerequisitesi Healing numbers fx, me) 

outputs: newv, newy 

assertions: tlo*hn|r number* (new*, newy) 
newscast+inc 
rtewy^rfx) 


13 

l£ 


l.G 

2,7 


Fjg, Hi Thts is an example pjan for segments Ejmilar too the Gnp deal-E with 
m the iast two figures, Mole that here Hie fames 1 0 r I he items do have meaning 
because all OF the behavioral aescriptions have a common poml of view. If they 
are the simp in two different description:; then they refer to the tame ilenx The 
table fo Ihe iff It Pi I he figure indicates !he teleo .ogival links. For examp-e, line S 
hais producing the butpul in line 13 ns hs purpose, and fine 7 cites line 12 as the 
reason- it expects to bo satisfied. Section IN.S.l.J summaries Ihe specific 
knowledge for plan type AND, 


[I a plan *6 to be applied to a particular segment, Id explain it? operation, three thirds musl be 
added to it. Hrst f Ihere must be an indication of what code corresponds to Ihe segments retired lo 
in I ne p ,in, Second, there mus-E be a ist ng of whji data flow connective tissue implements the data 
flow reiqu red by tine plan type, Si mil a Hy, there must he a listing, of the control flow connective tissue 
which implements the control flow required by the plan, 

The resulting structure is referred Id as as applied plan or explanation, It can be used to 
answer questions aoouE hQ'-v a particular segment does wnal it does, ll should be noted that this is a 


second Igyc; Gf instant at,on. The fi-rsl level made explicit the structure (teleological, data fJbw, ard 
control flow) ql the segTuent. This level makes explicit the way in which The structure is implemented. 


Richiirc C. Wafers 


Ul.2 ThE DESCRIPTIVE STRUCTURES USED 


SS 


Segment -with segmentation infurmar-pn 

A A1 VNi - F tXNlJ 

A A2 XNi - KH1+0X 

App.ied plan fO- r Ihe segment 4 addil ioflaf irlurm^t i>n onlyj 
daiii How 

Jill* pari A1 of A CF} 

v. from cutsid* A via variable XM 
inlo A*r3 A2 of A C+> 

x from outside k v i variable XN1 
itk From outside A via variable DX 
Ip oulsidfr of A 

oewy fro™ part A1 via ass jo.ment, and variable VNi 
Obwss from part A2 via «*|gnmon1, arvd variable XN] 

control flOW 

trbm outsic* A ta pari AJ via i™t;si placement 
fr^m par! A1 1-0 part A2 via secjutnfiai placement 
from part AJ lo Outside via final placemen! 

Fig. 3 2j Th.s thowj the additional information which rr-usl be acded to the 
plan in t-his previous Figure m Order to mate il an applied plan, or explanation. The 
segmentation inlormafipn i; represented alongside the example program in the 
same was as in Fig. 5, 

This system uses different methods for the understanding and manipulation 01 ! each iypo of 
plan, This ailows gresl flexibNity. This is only possible because the number ol plan types is small,. 
Tne noxt section describes the essential fealgrej of the plan types found in the programs irv the TEW 


Richard C. Wallers 


36 


[][.3 THE RA5FC PLAN TYPES 


1 EIJ 3 THE BASIC PLAN TYPE? 


Toe following ifrct&ns detail Ihe structures of the basic plan types. The sections are grouped 
ihlo calagcries based on the way the pians approach detbtrpPt.ilidn of h goal. Each section follows 
the tjnur pal tern, 


Efl?h sect ion starts with a sc he mpt it representation of how subsegments arc combined in 
accordance with Ihe p'an. Arrows in the diagram me cale typical control flow {sol d lines) end data 
I Ow (dashed lines). Control and data flow are not part of a plan unless it is applied to a specific 
program. However,, (he way the subsegments interACt Highly constrains the form the data and control 
liow can faKe. A * is used lo mark the exil path on which. a predicate asserts its assertions, [f 


asserts the nog at on of its assertions on |hc other palh. 

Above and below the diagrams, e<quat ens summarize how the exlnns^c inpuLs, OirtpuLs, 
prerequ Sites, and assertions of the suose-j,rtfrnls combine to produce Ihe intrinsic inpuls, Outputs, 
p ereduisiles, a no asserlions Of the outer segment. As before, subscripts are used to refer to the 
parts, of .he descno.ipn Of a segment, dc bw these are exphcil descriptions qF the purpose (subscript 
PR; of each subsegment. These descriptions in Cdnj unci ion wilh tne equation? |nd cate the teleological 
Cfructure of the plan. 


To the right of the diagram, equations summarize any del in Uon« needed to understand the 
Other equations. At the bottom of 1 h* figure, th^re =s an example segment of FORTRAN code 
i lustraling the p an type. Lastly, Ihere is ^ section devtr bmg the plan lype and indicaling any points 
of special inferesl. 


[[[.3.1 THE GOAL DECOMPOSITION METHOD "W 

In this tUatei-y,. a goal is divided into pieces which can be achieved in isolation, ]n order to 
achieve the goal, each piece is achieved scosrataiy. 

IIL 3 -I -1 THE PLAN TYPE "ANC U 


“ u i.i r n fti i 

a p “ Aip) rt (A i,i,n Ai^xfa Iae) 



Ap 3 U i*l,n A |0 

* a l*i. n Al A 


Ai pfj. = contributes Aid t° A 0 and to A a 

X - SIN (V) 

A - ABS(Z) 

Fig, 13: SchemaUc for, and example of, Ihe plan type AND 

This is the simplest type of plan. N subsegments (with extrinsic names At) are adtiilively 
combined to produce the Overall segment (whose intrinsic name is A). The- purpose ot each internal! 
segment is to achieve iIs part of the cveral goal. 1 nere is no a priori constraint on the order of 





















Richard C. Waters 


37 


IIJ .3 THF 0 ASLC PLAN TYPES 


execution O'! Ihe internal s-egmenls, They do no! interact in any way, ^lo dale Flows bolween thorn, 
it should be noled lhat the union of Ihe assertions Of I he Ai should not be a ccntrflcicticn. ]f it is. 
Mien whai cue tubs.egrr.ent it try ng to achieve s sncoTpatabie wth whaF another suosegment is 
trying to achieve. 

[[1.3,2- THE G3AL DECOMPOSITION .uEThOD "XOR- 

]n 1 hi* slrate^y, n goa is subdivided mtc cases. ]n order to achieve the goal, it is determined 
w-isi ,ype ai situation exisls. Eased on the type, an easier gea is achieved which is equivalent in the 
particular situation 

1] 1-3.2-1 THE PLAN TYPE *GASE XCiR" 


A 1 " U., .1,#, tPJ: U Aljfc 

A P ■ nj Bl ^ iP5 p a tPi^Jhip)} a [XCR j, j ,^,'Pi A > 



Aq - A1q ■ ri2f> * . +. *■ An$ 
A* m ^pat.n ^ P • * "* A i * I 


P ipp - Id eslab ish whether Pi A is true. 

Aipq - when ft* is true, this provides the A 0 and Ai^ 

I? 11-11 IE,5 1 IS 
S X *■ SINCV) 

COTO 30 

13 IF II-Z> 20.15,20 

15 X - COS 

COT0 30 
23 STOP 
33 


Pig. 14i Schematic tec, and example of, the pi a a type CASE XQR 


Depending bn which of n situations tPI*} is found, or* of n actions (Ai) will be pnrlcrmedL Et 
must he true t h^t One and only one or th# EilualOns occurs *f * given time. Thi* being the case, 
there is no restrict On On the a-der in 'which the lesls are made. Note thal whichever test is chosen 
to he made last tan he omitted (though 1 hi-s odes not add to the clarity oi the code), 

The tests are made with predicates. ]n Ihe example, the first predicate is T-l-kT, The EF 
converts the segment '[-1" which outputs a number mtd a predicate, [n n given situation, the 
predicates, catcaoed iogetner, select the correct Subsegment to use as the body oi the CASE XQR. A* 

































Picharq C. Walers 


J[].3 Th£ &AS.1C FLAW TYPES 


SB 


m the mKD the subsegments (Al^Ar-.) do not interact with each ether. ]n fact in any fine execution of 
a CASE HOP Only -ire of She A is executed. 

III.3AZ THE REAM TYPE "OQN0 XOR* 


"i * ^ i »1 , n t' 3 '! u Ai;) 

A P 11 A i-I,r, (F ' 5 A ■* (Pip a LPi^HALp-t) ) a (w i , i , n Pi 



"Ci”Aig*A20-.., ■ Arig 
*A = '*'i ,i ,„ HP' in a Pi A ) -» A?*,} 


Pi PR ■ I o establish whelhcr pj A is tri.e. 

Aipp a when (P'n A Pi A ) is true, th-E provides Ag and Ai a 


IF m 5„S,13 
5 Error - i 
CD70 33 

LB IF (Y/XS IS,IS ,23 
IS ERROR - 2 
GOTO 30 
Z3 ERROR , 3 
33 


fig. 15: Schematic fer, ar,d example of, the p : an type COHO XOR 

The COND XQR 1$ a variant of trie CASE XQR, ]( is included hero because it is extremely 
common and because bu^ often arise cue to a (pn J uEiOn between Ihe two. 3n the CQNO KOP, She 
dfeer Of Buecut on of She tests is nol tree, it is essentia . 

In a serial computer', Ihe 1 e-sIs -must he 'node in some order. The OOHD XOR Cases advantage of 
this fact to Gain two bene I its. “ ;rst Ine s tu align in which a subsegment Ai ls executed is (Fi^ a Pi A l 
not just (Pi A J (actuaity this was true with the CASE XOR as welt, but since (tXOR ; , ; ,"Pi A ) -f 
(Pi A -?P'iin}} it was not useful}. This is useful here because the a-iternatiue situations needed to 
subdivide a goal oflen have this Xrnd of farm. [n sddihen, Ihe prerequisite 0+ the CQND XQR requires 
only that Ihe OR (rather thsn th# XOP) Of the predicates Pi A be trua. This Is, In JJineTal, more in Cine 
with ihe way Shat people thinL In Ihe example, Ihe three situations are X<B, X>0 a Y/Xs3, smd X>0 a 

Y/X>3. Using, tne CCAJD XOR, ratner tftnn an c-quiva eni CASE XQP, saves duplication of programming 
effort. 

The second £ein is that the prerequisites Ot a CCtC XQP ire often simpler than in an equivalent 
CA$E XCfl, In I he example, because Ihe order of 3 he tests is Fixed, the prerequisite oF the second 
test (that XpfE) does not need to be s prerequis le ot th# whole CCftD XQR. Note that, ns in the 

































Richard C. Wale's 


3S 


EIL3 THE BASIC PLAN TYPES 


example, Che Iasi predicate pf a CQNQ XQR is flffan "Irue" (needing. no code tp bo implemenledt which 
recOgmies the sdluatibn "otherwise" 

One of the most cOm*rin bugs aisocialed w th XQR? i? dur Id the tad lha! programmer? often 
iimplement a COtiJ XQR when the/ have a CASE XCfl in mod. 3n the example, She programmer might 
have been Ihmkin^ that whenever JCs6 Sften errpr«-i and whenever Y/XsE) then error*£, [t is easy 
not to notice that this makes- no sense since the alternative? arc np| mutually evtiusive. What 
happen? when both alternatives are true-: 1 The program makes ari arbitrary decision seltrg error !□ 
L Thi? mayr cause a problem ater if some olhgr prog ran assuires that error X2 implies thal y/«^8. 

EE[.3.3 THE GOAL DECOMPOSITION METHOD "COM?" 

!n this strategy teomppsilioh), a go a is achieved one step at a time. A subgOai is chosen so 
that after the subgQaE is achieved it is easier to achieve the desired goal. 

Ell.3.3,1 "HE PLAN TYPE "GOMP" 


Arj 


Gi 


;t* 

FX 



*0 - F 0 
*A ■ Gax A F* 


Fl 

“ F IX 

u 

FlI 

f p 


A 

F PI 


1 ^AV, 

A 

Cm 


* Fir 




■* 




^Pfl 
F PB 


■ CO satssfy Fp-j,, to provide Fjj h a-d 1* contribute G^y Id A A . 
a 50 provide and to contribute to A*. 


Z - AES IXt 
i = LOGtZt 


Fig. IS: Schematic For, and 6k ample df t the plan lype COMP 


The subsegment F performs a calculation based cm enlernai data and on the ouputs ot Ihe 
Subsegment Q. T .ne inpuls and prerequisite* of F are a vised Ento two sets external tF| X end Fpjt) and 
tnternai {Fj j and F P I ), The : nterna: requirements are sal sfied by the Outputs and assertions at G. 

The vertica spliltmg oF the goal ha? Two rra n sene I its. Frr?t, the prerequr*ito* Ol tho whole 
segment are often simpler Ihen the prerequisite? Ol F. since some pi the later are satisfied by the 
assertion? of G More importantly, the assertions of Ihe outer segment eompp-uj the assertions of F 
and G in the example, G makes the assertion I«ASS[Xt and F make? the assertion Y-LQSZ). Oit*n h 
substitution i? used Id eliminate rolerences to L"* outputs Of 3 in the asserti&n? oF A. En the example, 
this would yield V*L0&‘AB3(X)) a? the assertion ol A. 

Ah important ipa^al case pf the plan type CQW? nt-tu's when A p equals F fl a'\d F A cMei not 











Richard: C. Waters 


]UJ THE BASIC PLAN TYPES 




rrtniion Ihe Pulpuls of G, [n Shis COM {referred Id as a PRE 3 COMP), She only function of G is 1o 
satisfy jjrereqijis,i1es ol F_ 

t 111 '! Plan !ype '* com,r ' &n ir ■"jrr«rical programming, However, it (Joes occur in the program 
HKL The loll Owing example from the blocks world illustralas the plan type, 

CLEAFUpPfAf 

PUTDW1A,B) 

p|g, 17: An Example of I he plan type PREP COMP 

he seal .5 to p^il A cn 3 {3 it assumed to already hjvt » clear lap). G which Is CLEARTQPfA) 
COnlnbutes to this £0*1 only by making F which is PUTOWIA.B) Op plica ole. 

111.3,4 LOOPS 


i he previous sections have described Ihree motl-nods for transforming one goal inlo a set of 
easier suogoak so lhat achieving Ihe skoals achieves Ehe goal 7^ plan lypos described ebovo arc 
limited m lhat, even in combination, they cm only be used 1o implement a goal decomposition method 
when the set of Subgoals can be bounded in size al Ihe tune Ihe program it written. Loops can be 
usee to implemenl unbounded, but fmile, sols Of suagDalj. which are sufficiently repelilive. 

Loops n*S a differed goal dccOmpcsil an method. They are a different implementation 
methbe. It should be noted thal leaps are also often used to implement bounded sets of iuoadals 
wni£h hive repetitive struttuf*. 

"here are two ways to approach the descripiion oi 1h c plan type LOO* 5 . One could tUrl wilh a 
method tor describing, unbounded but Unite sets o! subgoais and show how they con be implemented, 
■ lernalely, one coud si a rt with Ihe aheodmenon al a loop and show how i] can be .harnessed to do 
uSdul work. Each way bighlighls inte'esling aspecls of the problem. 

Consider a finite hut a priori unbounded sel of subg&als which cm be put in one to one 
correspondence with an inilial subset of the positive integers s& lhal achieving ihg subjoals in the 
natural order of the corresponding integers achieves the overall god. Let G[i] repress nil he sub^oail 
associated with Jhe integer j {square brokets, will be used exclusively to mark items associated with 
:he , th fterat.on pF a loop). The set al subgoals is then EG'2], ... ,G[il , Gfr]), where n «t the 
unknown number of subgaals. 

Suppose lhat there is a set of computation; -BflJ, _. „ Bf.'J such that d (G[.ll _ G[i-I ]' 
have already been achieved, then e*eco1ing Sfij acf«ev S * G[i], Further, suppose that there "is a set of 

predicates 1 T[ff].T[i], .„) such thal if {GJ1J, ... „ G[i]] h*vg already been achieved, then exoculing 

will determine wnelher ih« Overall goal has been achieved, i.e. wnelhcr n-L Sven this, the 
following unbounded computation would achieve the overall goal and Serminote when il has been 
achisvedL 



Fig. IB: Schematic for the plan For an unbounded 


computation achieving Ihe- [G[i]} 


















































Richard C, Waters 


Ul.3 THE BAS[C PLAfi TYPES 


3] 


, nt sequence cf compulations cannot be implemented in the way the above figure suggests. If 
t?nch segment was 'mplemen.led separately Ihe resulting program would be infinite., 6«nce n is riot 
Known in advance. 

A loop hat the property that it e*n prodcitB an unbounded sequence oJ compulations Irbrn a 
finite amount of code. 



Fig, 19: a loop 


hi. aoove per- schematic has loops in contra and cala flaw. [f il wore running., if could cieerty Keep 
runniT-E fflr an unbounded time, alternately execute 3 and T. Farther, smee T is a predicate, it -nighi 
even terminate. There is a problem -however, how would it star I? W apoea-i lhal the execution of T 
must always precede the execution of 3 and that the bkecuI cm pi 3 must always precede the 
execution of T. 

IF ihe execution of tne loop were already at either point X cr point Y, thgn there would pc np 
problem. A loop may he initiated by mimicking every relevant Feature of the state fll the world at X 
□ r at Y gnd Ihen proceeding as il trw Ippp had always been running. What futures are relevant 
depends Oh Ihe nature- ol i and B. ClearJy 3 any cat a items which will be used as inputs must be 
treated, and the prerequisites Ql T and B must be sat shed. 

The notion ot mimicry is a ppweMul one n its Own right. Ft Is broughl into play whenever two 
data, ijr control flow paths join tciethpr to become one. The join ng causes the ml or mat ion about the 
orifiih. pf the paths, which was inherent In Mwir separateness, to be lost. On (he other hand, when 
pr. hs diverge, as from a oredi rata, ini-amah on can he oncooed in Ihe separaleness Df the ppjhs. 

The pl^n types KQR, CCMP, *.nd LCCF approach mimicry and palh converggnee in dilferent ways., 
In *n XOR (see section FJL3.2) Ihe data ano conlrol How paths join together s\ the bottom. The 
output assertions explicitly mention this fact. In g-Mad I hey say lhat png of these n things happened 
iind it can oe decided which one by dclermining which prodcale was true. 

* n a COMP (serf seel ion >-[].3.3j there is nol actually any joining of pal he. Howgygr, imagining, 
that Ihere is potentially a second control (low aid data flew path directly te F from the Outside 
provides a convenient way pf thinking about what s happening. ]f everything was set for the 
execution of F, then the direct path could be taken. G creates the required conditions, ‘hereby 
mimiph.ng the conditions on the direct paths (0 F. iJote that, jn ger^ral, F cannot tell whglher control 
comes Irom G dr directly from toe outsioe. 

This notion can be extended, Whenever the relevant stale is indistinguishable in two plate* 
asd the samp- subsequent calc-ulalicn is desired, Ihen a GOTO can be dong 3rom one place to the o’her, 



























tficl"ijirrf C. Holers 


42 


1H3 'hE 8AS3C PLAN TYRES 


I M h h, l the Poinft 3 re 

juu a c. cl M« (we • S “nn rS „""?• f ‘ mt, " , 7 l( ' •«■ >*«*, th.n llw « 

Wh „ 4' e •■'V s - cll<Jn ^r.l.3.3) SPC it liable 10 &e iOrtusir* er&srflwninc 

have brer. 4 pjlan Vmo “2,®™ ^'* ’ Usat ' 11 “* ,0 l<K * » = P'Obten. [1 could 

structured P ro E r,™L £ °£. “'■, ’* *<*'™» * «» SSI> I-ml 10 follow lh» idoaa 

*t*raotyp B <J poitiorts in eirlai'i ‘ 1h * " n1 ' art ^ TOs ^ mmi^ry can be restricts to 

-!« H .o iie - |J LV to d “' * ilh G0r0! ‘ i“< - * oiHlor 

mo jss^isn- 'smTr.nif'rT “7,? ?*"*' ai «*■* * *"< 1 1« t ** B ***. 

orecul.d it compute, mi , d j T[Cj. r h , record , ira . „ , 5 

8 is e*ecute Qj if commit b? 2L and 1 Ll?" ® '* eiiecu1#dy ij B[1J The SecOrd time 

computation as ihe unboundedpVram. ^ ' '* “ ^ 1 ™ P ^ perfffrm the time 

- ■■? :vr is r>• r *■“• *• <™ 

p ro&nm. H Should be no|PC :h*t T and a will It ^ h y ”" b * ‘"’Plemenlgd by finite 

E<S make it pas&ib.e Ftr them tc dilermi^ whirh t- +■* * con Pu!alien whose sole purpose is 

ta ,onp yE e 3n the ^d*dpS27hi^™J!?” " “ tba ' [he ' Kr ™ "*»' 

i* ^ he mded Fn "h” wi£ jnf ° rmttlQn 15 Mn,ained in th * "** «' «ntroL In a loop, 


ftienaf d C. Waters 


*3 


II [.3 THE QAStC PLAN TVPtS 


9IL3.4.1 THE PLAN TYPE 'lCOP" 


n such that rt ->7tnl*) 

A I ' u \.B. h CBIiJix u TMjjj] 

r111 p S ) 


^ip m A : 


■ 5 , fi 


CBCiJ 


PX 



I[ i+LI 


pi 


K(01 « [NIT 
00 10 M. INFINITY 
*(]> - F([.Xa-lKYt])] 
(T(],X{l),Zim 20,10,23 
IB CONTINUE 
23 ... 


X - 1 

IB X - X-[CXrt(-ia)/(2*X)J 

IF (ABS(X*X-10|..l 1 0E-101 20,20, IB 
23 i,, 


Fjg. 20: Schematic #or, arid tramples of, |he dI an type LOOP 

. , J*™* to*™** *l»™* 1 '* ar» additional segment which perform* the mimicry in 

done fft 7 i- 0431=1 St ei1hie ' * * r ^ In Ihc eq^alions in I he figure, ] i? referred Eg p& b[ 0] {Ibis is 

i5 re w™ i ;r icKs ; h vr" n 31 ^ v - Ehen rt ^ what 

' "T ■?! 1 1'l*} N °'* thls c * n (3n(1 °‘»* n ^e S ) cause treble since B[il is a | wav5 

l “y h 5« a [ SfffJtol'b. rled i * ’’S'' 11 ^ lD dlP ™ G ^ *»■*»" ti Le *her E 

fln y Che g*a B[1J c.hauld P* achieved and the case where no sub 3 oal S should be achieved 

- r * „ , * qu p lll ! n * i * tow,n & how Jhe Subsegment* >n!era?| in order to create a he bshav.rw of a LOOP 

Z S JT ^ L0CPS d ° rtQE E * Ke ^ lull complexity T^ihe fit^ ^o 

? , p f *. 0smeftt5 flre S'Ven. The first, which h#, 5 mare or less full complexity is artificial Jnd cm, d 

siUte^luXV™?" ^ a , LC ° P - - 7he SfiC ^' '* hi£h 1 ' nds «H»~ rool of IB, i 5 much 
simpien Furtl^r LOOPS Can oe broken up In order 1o rtofats -dirferen! areas cl complexity. 

termira‘ja jh * V a ' Fea 0 c * m P l ^* | ty 's determjnmj when, it ever, a given LOOP witl 

to -to W U rd.",W n ' W , ^T" ,S lh ' , ‘ fr ’" i ' ,a1i0 '' »i"'. »PM«, ir Sa u.l.O„ ,nd i, 

1 j -de. standing of a LCbP- The next two sections show how the problem of working with 
































■Richard C, Walers 


AC 


j [1-3 THE 3ASJC PLAN TYPES 


n bG split °' f lrCm lrw r «’ *f Ihe LODP, Cnee i»l«t«d h GNen turns gut to be relatively easy to 
understand. 

-■ere are other areas where simplification can occur. These areas could be looked si as 
eel urea which a given L<?0 P might or might nOl have. The e k prei^ions for the inpuls and 
prerequis tec are o'len jimpliNec 3 a"d,i'a r T may net have any extern*! inpuls or prerequisites, 
a ring this, the Exp'-esstors for A 3 and/or A p may not deoenc On n [this is Ihe case in She second 
example segment). 

Very often, the only Oulputs are from Ihe last step. Similarly, |he assertions may only depend 
Or ng las*, siup. It should be noted that picking ,igst the right assertions For T and 3 so Shat the 
nnt re action, gl toe LOOP is summarized at each step is *n art. Pul another way, il will a Hen be very 
hard to prove 1 hat a convenient form for the assertions oi A follows Irom a convenient form, for the 
assertions of 1 and 0. When faced by a diff.cuJt proof, Ihis system, wilt fust ask the user whether iJ is 
possible. [1 he says that it is, ihe.n the system will truit him. however, >t will rememtidtr th*1 Ihe 
imerlian may be shown (gise at a later time. 

IIL3A2 THE PLAN TYPE "ENUMERATION LOOP' 1 

l_ f m' ,i. C ^ Lh !T' fi remcwed » LGO 3 except for I ha calculation of n, 'hen Ihe ^remaining LGOP 
it *n ENUMERATION LOO- 3 , ihe process a escribed in thg next section shows how additional 
compulation can be added into * LGOP. 


X - G 0 

DO ZB 1-1*100 16 x o c'|>f} 

20 CONTiHUE ]f 00 10,20,10 

ZG 

Fig 21; Exam Dies c f the plan type ENUMERATION LOOP 

The schema tic far this type of LOOP is identical Jo that for Ihe general LOOP except Ihe it does 
not produce any Output. It just cycles through sequence of stales.. Ert doing this it cefines an 
oraerpd set Of situations. The only d Hiculty in understand n E an ENUMERATION LOOP is determintng 
when it will terminate. Since an ENUMERATION LODP theoretically can be as temple a * t ^y LOOP, il 
may not he easy to understand. However, in gener*! when the parts of a L0QP which do not 
contribute to the calculate of n are Stripped away, <h* ENUMERATION LODP which remains r & easy to 
understand. Though this type of LCCP seldom appears, as is,, in a program, il is very important as a 
basis for understanding more compEe* LOOPs which arc built up on lh* basic series of states it 
Cnurne rales. 

H an ENUMERATION LOOP is slightly extended th a | it returns B[n>, as its output then it is 
reterred to as a SEARCH LOOP. 


ftkhird C. Waists 


nu THE basic Plan types 


4& 


III. 3 A 3 THE PLAN TYPE "AUGWEIVTED LCCP 11 

This plan bit combines 1 lap, L m additional body AS comouiine [Asm 
10.-™ o more comple, LOOP. In .ho fi(. U re, K.V lt .n* hr p , r l T 0l " " 


ABfil 


.} tft 


n - L,i 


*1 

Ap 


l 3 

Lp 


(U 

(a 


■ , n 


ABfi] Ix ] 
fiBtll Px ) 



■ pr = Id initiate ir« loop r:&, 

. f 1 ] pp - t* detefimnc it tf* cOiPDUIalton should &;op ie. jl n-i 
L.fi L 1 j P[f - to perform the tilcuSation far LOOP L 
A.B [ 11 p r. - eo pcrfarm the added jteps ot MkuJation. 


oo 10 m»ib 

l& mu . vuuzm 


IQ 


z = ltd 
00 10 [. 1,10 
Z r Z*5( 


F m- 22: Schema" ie 1 


Or, anti ejr»mpl« of, I he pl»r. iype AlXiMEAfTEO LOOP 


„ . l h3t ,hl . E is 4 fhrpe '* vcJ P^h. AS is added Id L.B £j subwirenl of the LOOP LJ to fa, m - 

AB toTfl or to T 1 "f'*. Ih " , ” i ' AE *« La W«*t that no data can do,, from 

AB LB or to T. 1 may also on ntodilin oy the addition of AE[0j in order to inrlialize the actions of 

The mos.t irnparfaril thing here i* Ih-al Che- addilion pF AB fa L odes tw( sF J ei?t L’r rt l rt „ 

zzz sre sz.nr: 

l.od*L h fc'lr‘Ill"'V* i * SUb '* = " S l ,“' ,hii P'“ Toe division it based on wherher AB OSes 

L T.hc eKamples Hluslrate the two types: AND AUGMENTATION and COMP 

































Richard C. Water:, 


LJE.3 THE BASIC PL.AN TYPES 


46 


AUGMENTATION. In both cues, a ^unputalipn ie performed, takinjs edyania®* of ihs seq^t* Of 
"" a a wh ch is spI up fey the LOOP L, which is usually an ENUMERATION LOOP las in the examples!. 


]]l-0.4,4 THE PLAN TYPE "INTERLEAVED LOOP" 

k . ™ S # m typ * cawhines (WD LOOPs, K and L, sa lh*f the/ are sailed in *y ne hrany The 
as snon«eilher one terminals ^ y ’ '* 

n - 11] N «. n,L, n) 


^ - > '.Ui I II 

^ I “ ^ ,i i g, n ^ U K. I i i 1 ;■ k U L.QCi] jx u L-Tti^rv 

* “ ^ * ii . n 1 If* B [ i ] px a ft. T111 pu ft L. @ [ i 1 p £ ft L. T t i 1 p £ 



*) 


: = K.l UL.I 
T - K.T OR L.T 
3 » ft.3 y L. B 


each OOQP operates 
seoaralely 


a Q - 1u i-<5,n W-BINo u UBU] 0 ] 


Ift; 


■ ■ 0 , n 
ft [ftj 

ft L-ft 


iK,e ti] A A L.P ti] A ) i 
&,e-l Ift.TIilaAL.TIl] 
Tin]* v -4..-U1],) 




IB 

28 


-pp - Id irtitt^to the ioppihf;. 

•L ■ T E i ] p e ■ ip see if the computation shou d stop dye fo LOOP 

ft. T [ i] a ip see ji the compilation should step due lb LOOP K, 

L - B I i 3 p B = to perlferm 1h* steps pf the Ca culat'orv for LOOP L. 

■'■■"[ i) PP 3 to perform the steps Of the calculation for LOOP K_ 

X - 0,3 
M M.IB 
X - FIX) 

IF [JO 10.2B.18 
CONTINUE 


H E- 23e Schematic I0 r , and e sample of, [he plain type INTERLEAVED j2CP 

This i« «l» a three level plan, K,T. LT, K.B and L3 ere executed in any order in a rim wrlh 

& “-'l™? 9t 3ny aF fCur PC ' rAc - The h^«quir M int it Ihaj nd data flow* between 

Itr ! S bL |?°{?u :f Dn ' Y inCeraC,lef1 is thal w ' hen cns nobles, the fether is artificially 
stopped. It shfeu d se noted thal when, one of the suWJOOP* (say K) tern.,nates, [hen the whale LOOP 






































Richard C, Waters 


^7 


IH-3 THE SASIC PLAN TYPES 


'.A) acta irt all res pacta |ust like I h a I suoLDOP (K) witn some additions computation from the partial 
execution o 1 ! Ihe ether subLOOP 4L). [n particular, the outputs art the outputs of K wsth a subsel of 
Ihe Outputs Pi! L added on. 

Lir-fc mimicry, interleaving s a powerful idea in its own rigbl and could be a separate p3a.n type, 
interleaving 15, essential;/ a way to simulate pa j a!lel process'ng. Hare it has been restricted to 
a PP yin a Only lo LCO“s because it s not interesting when applied 1o the blher plan typos discussed 

One ot the -hMt important attributes of this pi an type ia trial it can be shown to terminal ever. 
=f only one dF :ne two LDDPs K and L can be shown ip terminate, As 9 resull of thjs, this pbo lyp? is 
oMen used te boynts Ihe execution ot a possibly non-lerminatira LOO a with a simple ENULtEPATlON 
LOOP tsce the example}. 

The 01 her major use oF thip an type is based bn considering that i| computes either K or L 
1 hA&* 7ieVe,J C ^ ,riP ^ e ^ efi ^ r *^‘ Here f.rst is defined in terms 01 Ihe sequence of slates produced by (he 
LOOPs. This is dene in ;l sduat do where,. lor Inslance, [he results bH L a.-e not desired {or perhaps 
are not computable) if K terminates lira!. The program Rtfi contains an example of IhiS- 

[n conclusion, it snoyid be noted lhat conlrbl exils an INTERLEAVED LOOP in two differenl 
places depending pn which test terminates. ihe LOOP- tn a i-rand plan Ihis feature is expressed by 
considering that the interleaving process joint two LQOPa, each q1 which is the initial component of a 
complex computation, jf the INTERLEAVED LOOP laminates due Ip test K.T, then execution cbnlinues 
Only in th& cQnpiit-alion LOOP K ie. th# inili-Rl ctiniponenl of. 

The splitting a-! the llpw oF control on exil From an INTERLEAVED LOOP could have been 
eliminated if a component were aeded Id alt LQOPs which was executed aFler Ihe test had terminated 
■ he •Cborg. This was not dene, because il was Felt that compesing Shis exit -segment on the bulput of 
every LOOP won d Qoscure the basic r3lure of LOOPS, 


Richard C. Waters 


[H.4 DETERMINING ThE DESCRIPTION 


43 


!]].4 DETERMINING THE DESCRIPTION Or A. PROGRAM 

Thit section give?, an indicalic-H ot how Ihe systeir. can develop an understanding &f a program 
in term* 0 < the descriptive *tro?1ur(s defined m ceclmn ETE.2- Gwsn Bn understanding of a prolan,, 
SEPhdn [J g ^es an indication of how Lashs sre percrired by Ihe system. Bas tally, the system either 
,ust repCrls out parte Of Ihe destnpt ve structure;, or a s *s Sseil a series pf questions and perform* 
some minor deductions, The descriptive structures wprp specifically designed 10 make the (nks 
described in section J[ easy. 

Stirling, rein ihe test of a program, including annotation, a" understanding is developed using 
s.i!vc r a type* o' knowledge The system has compete (inowledge of Ihe basic (acts aboul “ORTaAN 
TM incluaes knowledge of (h B specilit control flow and data flow constats available, and knowledge 
st tip basic programs awl able. The System also nj s some basic knowledge about mathematics^ 
Ho waver, it snould be noted lhat, this system does ncl try 1* unesrstano the mathematical theorems 
Jmplemenled by a program, but only how the program imple-ment* tut theorems. Finally, the system 
has knowledge O' what plan types are used in the programs in the IBM S£P. 

The undor&land.ng process is Illustrated by a discussion of the program CQNVT which is shown 

m the newt figure, 


Ricrianaf C. W.alers 

DETERMINING THE DESCRIPTION 


1 C 

2 C 

3 C 

4 C 

5 C 
G C 
1 C 

a c 
a c 

10 C 
XI c 
12 C 
15 C 

14 C 

15 C 
1G C 
17 C 
lfi C 
19 C 
2d C 

21 C 

22 C 

22 C 

24 C 
2G C 
2u C 
21 C 

25 C 

23 C 
33 C 
21 

32 

33 

34 C 

35 

36 
57 
33 

39 

40 

41 C 

42 

43 C 

44 

46 

4 5 

47 c 
4 S 
43 

S3 C 

51 

52 


PLRPC3E 


H 

n 

hcce 


ns 


- NUMBER OF ROUS IN bURJCES s AND 0. 

- NLT1BEP DF C0LU1TJS in ru, trices s and d 
■ CODE indicating T v P£ of conversion 

i " FR ^ SINGLE PRECISION TC DGUBLE PRECISION 
! "” 1 ^ L ' 3Lc PRECISION !□ SINGLE PRECISION 

NUTBFfil‘« uirr n ^'? 1X COl,TAINS S[NGLE TOISIDN 
‘t- 6ER5 hd N\RLT r JF T!0Dh=2, IT CCWTAIMS ci/iL r vr 

^ KFKS A£ W r?U7 ' TH£ STZE 0F mTRIK ! 

IF ncOE^i. This MATRIX CONTAINS 00D3LE PRECIS[□« 
NUMKB3 AS OITPUT. IF noOE-2. IT CONTAINS DOUBLE 
*>>™ ,lLrlBt!,s *» IN a UT. THE SIZE OF FA TRIM D 

Q\c DIG]7 "AJJIBtR FOP STORAGE NODE OF .TIATRIft 


IS 


0 ~ GENERAL 

1 - SYfTIEIRlc 

2 - DIAGONAL 

REMARKS 

“ATPlX 0 CANNOT BE IN THE SANE LOCATION AS nATfirw c 

STSuRK* " * raU9LE *'««» STATEnENT ,N 

HETROD 

j'C_ORDINC TO 7FE TYRE DF CONVERSION JNJ]CATER IN rcnnp rme 

“iw&r® fran ™""*"“ ££ 

IXUE_E PRECISION 0 

lF™5-!™ W A,™ re CF *“ NUISES CH DATA POINTS 

Wi-N*ri 

GO TQ 8 

Nh- i | *NJ n 

CP TO % 

NH-W 

TEST TYPE OF CONVERSION 
IF mODE-U 13, 13, 2B 

i a hn S !r JC r E / REC:siaN ™ DOUBLE PRECISION 
i« Uy lb L-1, Ml 

IE OTLfcSCL) 

GO TO 33 

°0fLE Precision 10 single precision 

uu Zh L»-l h NTi 
25 SILUDIU 


S 


36 RETURN 
ENG 


Fig, £ 4 : The subroutine CQNVT 


Richard C. Waters 


Lit.4 OETBMMNG THE DESCRIPTION 


E3 


Th? first =1ep laken by the syslem in greer to analyse a pro E ram is In divide thg program irtto 
cont-rcl llow, data flow* basic program fragment*, and cabmen 15. 

1-31 a r s comment? ?nd appear in the prec.ec ng Iig^r^ 
aybrdutrne c-Onyf (n t Hl node, s., tf, he? 

dimension. sflf.cHl) 
double precision d 

find Jlorflge mode of matrix and numper of dat* pdnls 
IF \ms-ii Z, 4, <5 

2 nnf= n*-n 
CO TO 6 

4 no- ((n+1)*n)/? 

GO TO $ 

$ rwim 

tesl lype pi -conversion 

3 IF f.ncde-1 8 Ji3 r Jtf, 21 
jingle precision ip double precision 

10 DO JO Nj, mi 
15 cirp-st |j 
CO TO Off 

double precision Id single precision 
20 00 Zb M t m 
25 $ i I>-d 11 i 

30 flfTUJW 
end 

Fig, £5; This shew* the subroutine CUNVT printed in four different 
Sty es of type. T.np slyies el lypp do."lily each p*r! of t-ne program js either: 

JJflGtf Of CQflTROL CONHECTlUt TISSUE 
£)data i Ic-h connective tissue 
3 basic pcpflrjii iFranrcerit 

4> c o comment. 

Mcddo certain transforms!ions (see sections ilU.35 and M.1.3.&}, lhi S cation can be done 
durely syntactical y. Far convenience, entire expressions Bike l(N+l)*N)/£" nave boon taken as- basic 
prog rams, in the example, The syslem will actually only contidar (unci ions like *-■ "FLOAT", array 
noexirti;, elt, 1o be primitive. However, it pro-oebly will trcsl expressions i r, a special way since they 
are particularly easy to unde rs I and. 

113-4.1 CONTROL FLOW 


32 

33 

34 c 

35 

36 

37 
33 
33 
4 tf 

41 c 

42 

43 e 

44 
4 b 

45 

47 c 

43 

43 

63 c 

51 

52 


i ne cnn.rci Mow □! a FORTRAN program can be completely analyzed by looking 3I ihe text of 
the prtgrarn, wif"-3ut any elaborate reasoning. Programs such as optimizing compilers currently 
per.0rm. such an^lysgs. The nex! figure is a control flow diagram lor Ihe program COWVT, This 
diagram is a graphs representation 0! what the system knows aboul th* control flow of the program. 










mcrwei c. Water* 


JU.'q DETERMINING THE DESCRIPTION 





Fig 26: The central flow in :he program QCftVT. 
SEQ«SEQUEmjAL PLACEMENT, JP-IN1T1AL PLACEMENT. 





















































































iRichjifd C. Walers 




111.3 DETERMINING THE DESCRIPTION 


T h * diagram & a cl retted graph, Each arc wnnettt One node La one other node. LI represents, 
.he f Ow OF cGnlrcl oelween Lne nodes. Forking pi control Fi-ow arcs is only reasonable in an 
envir'c.nrr.er-1 wnere there is asynchronous processing. The label on an arc indicates how it is 
mi Die merited. This label is either a me number pr a direct exp lenat-ion. If it is a line number* the 
tP-nlrn flow construct on 1h,n" I ne implements the control fJow indicated by the arc. The possible 
di,ett explanations include ■SEQUENTIAL PLACEMEN and ‘’INITIAL PLACEMENT." Both of these refer 
to sityahpns wnere the arrangement pi tJ\e statements <n I he program governs the Hqw of conlroi and 
tnere is no explicil tip# of cOnfrpI cOnsIruct to p<j nt to. 

Nodes are labeled with an indication of the adiutty laKing place at the rode. A l ne number 
mokatet Ihc basic program ard/or data f ow which t*kes p ace in Ihe control environment associaled 
w .h the .node. For ex*mp e, the »-s1 10 of Ir.e 36 (computing hAW B.nd assigning (he result So NM} are 
computed only when MS<1, Jf a node i* associates with only d part gF a line, then it is labeled with 
Ir n exlrinsie name of that part cs! Ihe line. For ecar-p s, Ihe label "54.0" an a noce indicates that Only 
.1 K body, L-L.1-] , Of the ENUMERATION LOO?, embOc ed in line 54, is associated with the node. A 
noce si which nolhmg happens is not represented as a bon. ]t is just a point at which in arc 
terminates a no another begins. 

[f more that one art Leaves a node, then (h a 1 pace must be a predicate. For trample, ihe nodes 
labeled 35, 42, 44..T, and 4£.T grp predicates, Several arcs c*n enler a node. This has nd 
extraord r-ary significance. 

The nodes are assbcialed with the lowest ‘Cvel segmentaJiDn pf the program. In the figure* 
nodes; have seer, selected in actor dance wiih a line oriented selection ol basic prog rami. The system 
would actually produce a more eg tr pi ex diagram in which no reasoning was resumed curing the node 
selection process. For c ar ty, the figure super iraojes a higher level ot segmental ion on the sydem’s 
diagram iscc Ihe section on segmentatiOn below). Ln order to avoid making any cecisions, ahoyf 
oegmertat on whi e analyzing Ihe control ftow, ihe syslem p^ts in ns many nodes as there are d stinc! 
control environments. 

111.42 DATA FLOW 

The data How for a FORTRAN program can also be completely analyzed in a straightforward 
minoer. he next figure Is a diagram, similar 1o th fl central flow diagram, representing the system’s 
Knowledge Of Ihe data How in Ihe program CQNVT, 


Richard C- Waters 


E.3 


ili.4 DETERGING THE DESCRIPTION 



Fig. 27: The cata flow in 1 he prcgran-. CQWUT 























































Richard C. Waters 


54 


Kl A DETERMINING THE DESCRIPTION 


■ hough some OVa flow epnstrocli {$ueh a? rfient> ere direct onal h many fsucb as variables 
anc subrouline arguttienls) are npt, These nan,-‘dif«(*onal cdnslructs merely maintain the same value 
al several points. The conlrol flo-w imposes a directionality on I hem, The label on an art mdicelas 
how the data tlpw it rep r esenls is imp emcnlcd. The laoel s either a line numoer of a dala fiow 
cOns. 1 ruct, a variable name, or a direct explanahon. [f it is i varrable name, then tn *1 variable 
implernenIs the da“s, lip-*. Greet ejtplanalions arc used 10 indicate phenomena which cannot bh easily 
■solatpd to ore item in She progra-T. Tne only one used in I he figure is "AFGh" wh-ch indicate? that 
lie data llpw into or ayf ol Ihe program was ach eyed through subroutine argument ppsif.on n. 

Lfol he control J law arcs, oala (low arcs can far*, arbitrarily, For example, tne are implemented 
by variable NM connects the assignment statement-, leaving nodes u& r 3£, and A0 with the nodes 44.T, 
any •■o,l, However, a data ho* pith can actually On y tarry one datum #f * time, As a resoll, a datum 
which is delivered tg ihe node ljbe- : ed 4A.T, in * jiv*n execution of She npde, actually oriEinatea at 
jusl one of the nodes 36-., 38, or 40. Many arcs can enter dr leave a node. This just ihdioales that 
several daia items are entering o. r leaving She iode. 

Tne dais ( ow nodes, ore selected by ihe system in the s^m? way as control flow nodes are. 
namely, Ong lor every data flow envirOnme.it. A? before, the figure shows a higher level of 
segmentation. 

IILA.3 9ASiC PROGRAM FRAGMENTS 

'here are only a limited number of basic programs available in FOflTRAfi. The syslom has 
complete intrinsic descriDlions of each gnp as pari of 4? spec it ic Knowledge about FORTRAN. These 
□ esenpt Ons embody the lowest level of detail understood by Ihe system, 

11 1-4.4 annotation 


The inlormatign described in the previous three sections gives a complete picture of the 
orogram, at fhg tinest level OF del ail. The System uses th:s information Id hu-ld up a. description of 
Ihe program it intermediate levels Of structure up 10 an intrinsic description of the program as a 
whole. The use Of annolatiQn dl Ihe program a$ essenlial in this process, Comments and their use wilt 
be discussed cn all of the fpJlpwing sections. 

it shpu>d be noted that I hi e system does nol try 1o do any natural language processing. As a 
result, the eommenls cannot be used in the e;rgct lorm they take in Ihe program?, in the 55 ?. ]t has 
rol been decided what form Fne comments will taKe. The neict figure oFfers. one suggestion. 

A very imporlani ouet. on 3 how rrucfi anr-of^t On wilt be required in order for the syslem 1o 
develop an, understand ng of a program. It appears (hat I hough Ihe communis on Ihe programs in Ihe 
SSP will have to be recssl in some other form, they contain sufficient informal i&n For understanding. 
As a result, the amount of annotation needed should nol be eref-to* than trs amount already present 
On the actual programs. 


Richard C. Waters 


lt].a DETERMINING THE DESCRIPTION 


55 


C Dari is 

C 

C 

C 

C 

C 

C 

C 

C 

c 

c 

c 

c 

c 

c 

c 

c 

c 

31 

32 

33 
C 
C 
C 
C 
C 


I intrinsic description of 03WT 
inpul St n, m, -rode, {*(!}}, (d^f, ms 
prerequisites; ilcalmj njnr.be.rs ([su>Sl 

double prcc s on numbers ({dfj)-)) 
integer numbers (n, m, mao*, rnsj 
matrices ([sli|> (cililj) 

n=NUMBEJf_OF JfaVS(fE^)})-=N'UMaeR_QF_FtOWS( (eKI t)> 
m - NUUBER_QFjD0LU«3t?*( i J}»-NUUBER_OF_COUJMNS<{<l(iH > 
ms c STCfiAGEjC-CE( [sli] ]l-£TGfiAGE_WGDE* (d(i)]} 
mode £ Jl. 2) 

oulp-ultj cn, om r omodc, [dslit^ Jcd[i>J ( oms 
assertions: Healing numbers 

double precision numbers (JodtiJJ) 
integer numbers ■Idn, cn% omode, oitis} 
ma1ricHi{{Ds{i>! P 

mcde-2 - Jod(i}3-0BLH[t(iH> OQMPONEWTWCSE 
n.cde-3 - {fe(i.)}-SNGL<£d{i)H COMPONENTWISE 


SUBROUTINE COTV? IN, D,.n:C£.S.D, 
DIMENSION 3 ill .0(1? 

DOUBLE PRECISJON □ 


PI5] 


the ne 
partial 


nt SOg merit is of plgm type XOP 
extrinsic behavioral dfitripbOn of the nent segment 

assertions: OUTPUT = NtftfBER_0F_£LEM£WTS( £s{i))}-NUMa£R,0F_aEtvIENTSf [d(0)) 


35 


IF (flS-1) 2 r 4, 6 

36 

2 

Mf-N*N 

37 


EO TO E 

33 

4 

M1-E(N+l?*N]/2 

33 


GO TO $ 

40 

5 

nn=H 

C 

E She ncut segment 
r 

is pi plan type XOP 

42 

& 

JF inOOE-lJ 10, 13. 

C 

C partial 

extrinsic bt-havjOral description of 

C 

C 

assertions: 1 , otMill-DBLE4{sli>]) CQk 

44 

10 

00 15 L-l* Nrt 

45 

15 

OILUS(L) 

4E 


CQ TO 33 


C 

C partial 
C 
C 
4£ 

43 

51 

52 


extrinsic behavioral descr pi ion of the following segment 
assert ons; (oc(tij'-&NGiJ[{d(i)}) COMPONENTWISE 

20 D3 Z5 L-l.ffl 

25 SLLJ-DLLt 

3® RETURN 
ENu 


Fig, 23: The annotation on I he program CONVT Eradiated to a form unde rat an da Die 
by She system, indental ion met tales segmentation, 


■R-chartl C. Waters 


56 


Kl-fl DETERMINING "HE DESCRIPTION' 


AjI of the inform ghon in She above figure tomes oirectty from Ihe comment on Ihe acluaJ 
program, This section wdl discuss ^he part-at inlrinjic behavioril description For CONVT whrch 
ccrre 5 Pdhds to tne header rOmment, lines L -3D, lo&tther with lines SS-33. It is ini or of ling lb note 
.hei Iunes 32 and 33 eon-d oe loomd at aa comments which have been pul in a form -which ine 
I OUTRAN conip. e?r can undcrsland and act on. Tne fallowing se-c'iorij will discuss the internal 
■COmnnenis. 

Consider where each part of I he partial intrinsic behavioral description for CONVT (see Ihe 

f s - 5r ’" !, ‘ . : cL :L ::'.-":;.f r.: .■ 1 1 - ■ M ■ ■■:. I r,c j;, spec J es lh.i: :m-i- s v inputs ara 

o-ulpu'E ian-os- for them i,n Ihc beh av oral -description have been patterned after (he variable names 
for clarity. The System ilsolf attaches no significance to ils internal name-*. 

This bring? u d the very interesting topic al mnemonic names. The variable names are a very 
impprtent source al information about a program, particularly if Ihgrs i* rot much other ^notation. 
Smce N, M, and MS are standard names For NUMBER„QF_RQW£, NUMBER _QF_COlLMNS, and 
5 • ORAGE_,VCDE respectively, rn the programs m Ihe 55 a , ado tional common ta( ion on this fact might 
have cean omitted il CONVT was nbf so "uv^ll documented. 

i he name of a variable i$ usually chosen 1q spoeifiy some aspect of the datum carried by the 
variable. This can be used to earn gfcoul Ihe assertions of the segment producing the datum, and 
aocM the prerequisite? of segment* using ij, hbwaver, there is a problem wifhi this, A variable is 
usual y psee lc- carry Oil fore it datums, in di Iff rent parls of the prog'gir., while ihe mnemonic narr^ 
Ofton appl es 10 Only some of these datums. For example, the variable iVM in CONVT is very mne-monk 
when it is carrying the result of line 36, but no! when il i 5 carrying the result of line 3S a t A3. 

In addition 1o 1h=s problem, since ihe system -does, not understand Englijn, it cannot use the 
mnemonic value of a njme cirectly. As a rcsi.lt, the system will probably not use- any mare 
information, from Ihe variable- names ihan FORTRAN usss, namely, the fact fhal the first letter of g, 
vtriable name signifies whet.oer it is an integer or floating point number. 

Returning to toe header comment, ihe DlMEf-EION statement, line 32, indicate* lhal $ and □ are 
matrices. T.nis fad 13 specifically rocorced in Ihe partial behavioral cescr pfion, [n addition $ arvd 0 
are referred ip as. {-s(ij) and JdhJ] when talking about the entire aggregate. The prerequisites and 
assertions aaoul the data lypes 01 the nputs aid Qjlpof? cSme from the names for the variable? arid 
the DOUBLE PRECISICIV statement, Imp 33. 

-he specific information about N t M, MS, and MODl s given lo line? 5-9 end IS. The information- 
aDOut what S and D a-te, on output, is given, iho L gh ho; too dearly, in timet 10-1? ?-nd 27-29. On* 
tCurte of cordusiqn s? lhal, unlike the partial behavior*1 description, tne comment does not make a 
dbar distinelion bo tween inpdt and Oulpul data carrier by tee same variable, At 3 result, when it 
says ft is .not c pgr whether it is the insut or the outpul data which is being referred fa. 

1 • .e comments On. >nes 2^-25 srg- not used because they do not apply 1o (he internal workings 
of the program CONVT. The very imported comnenl on Imp £3 is not used because this system 
make $ tNj simplifying as?umpt- 0 n that variabc-s ng-,'e- r overlap. 

Th-s partial intrinsic benavior?! description arrived Irom the header comment is used as a bosip 
for the intrinsic behavioral descnphcn c-f Ihe program. ]n fact, il is almas; complete. The only Ihing 
th 3 l hes to be addee 15 some information about sone of Ihe outputs. Many comments ire in the farm 
ot part-ia pehav.arsl dOscrrplions, bul tew sre anywhere near as comp®te gs a header comment is. 

At (hrj point, Ihe system h» 5 1 gOPd idea cF Ihe highest and lowest level dBscriplions of the 
operation Of Ihe program, tn order ;o understand Ihe program more fully, it must (ink these two 
GB-scriptiqns up by aetermlning te* nlormediale structure 0l Ihe program. 

Sssically, il is nat tea difficult for Ihe system ta anjlysp one or maybe two levels beyorvd wh.it 
it icnows. An attempt 1o go tert-er lh,m fal, wp u : ead to * COmbinalorial explosion ql possibilities. 
Jnlcrna com me its in the program be ng analyzed provide landmark* so 1hg| Ihe system never is more 
that I wo Isvels sway ffom whgf i; knows. 


Richard C. inters 


57 


IH.4 DETERMINING THE DESCRIPTION 


[ir.fl.is segmentation 


The firs’ step in developing, a^ understanding of the nternal workings Of a program is tt 
Properly segment it, The basic difficulty involved »n determining segmentation | s ih-al there is a very 
iii'ge ruriroe'r pf vrays She: a program can bo divided into segment*. Fortunately, there are several 
rtifethorii which can be usee So spfcec up The search. 

F-rstly ti-ifrp are comments which speedy segmentalion. The entire program is marked a$ a 
segTienl by being physically separated from the Other programs in the SS^. Further, it is delineated 
by the SU3F?QUT]Nt and END statements, lines St and 5Z, tor the benefit of the FORTRAN compiler, 

, ne- position of interna comment* tends Id speedy internal mental ten though rnpt 
unambiguously. Tne pOsilion of ihp comments in CONVT mpicates teal lines 35-40, 44-4&, and"AS-A9 
= re segments. J is harder Id see that line 31 indicates 4 Segment frdm 42-49, not just For 42. The 
comment On line 53 is par lieu a r I y Interesting in that It is dearly intended solely to specify 
segmentation, Irt the last figure, segmentation information is indicated by Indentation. This obvi&usJy 
would not be adequate in a situalibn where there were Overlaoping segments. Jt does suff ce hero, 
however. 


;n 


Secondly, |he segmentation can proceed incrementally (for pr.p <j r | wo levels} from above or 
below. This it dono in conjurtction with recogniiirijj pten types expressed in Ihe coce (see the nc*t 
section!, If a plan can be recognised, this automatically gives some of the segmental ion. the reason 
this process can only proceed profitably from Ihe top and bottom, and not from thft middte, is lhal 
Order to recognise th.* plan, eilher the segment, dr the subsegments musl be determined. 

tn CONVT proceeding from toe bottom can easily detect that the expression arc segments. 
Working from Ihe too, it would mjf too hard to roftoa Iha-t the whoir program: is a COMP d | jncs 

35-40 and 42-39, and th a | these two segments ere XQFts ot 05, 36, 33, and 4BJ and {£2, 44-45, arte 
45-49> respectively, [n this simple example She incremental approach yields a total analysts be 
top program is. very sha low. 


’cause 


111,4,6 FlANS 


The main reason recognition ot toe pl*m type o? a segment Is possible is that there arq p n ty a 
tew pten types used in ihe $5P. There are an aoundance ot features which are very specific in 
differentia I mg. between these plan types, For instance, all LODPs, and Only bCC^S, have a loop in 
control and data f3pw, All, and only, LOOP* end JCQRs have preoicates. All, arte only, CCMPs and 
LOOPS have date f ow between subsegenmte. In addition, tee subcalegories of She lour major pter, 
types el$0 have dear idenli lying characteristic*, 

Of eonsicersble aici to recognition Is the fact lhat certain FORTRAN construct* aro 
stereotypic ally used to implement eorlain olan types. For instance, ARITHMETIC EFs oiler* implement 
XuRs. DDs often implement AUGMENTED LCOPs, a DO being en ENUMERATION LOOP. Expression* 
implement sequences Ot CCMPs. 

Finally, comm?n|i sometimes give an inc catton of the plan |ype Dt a segment. The phrases 
"F[ND STORAGE MODE" In line 33 and "TEST TYPE OF CONVERSION" in line 41 teem to indicate that 
the sop.rr-ants to lowing them are XQRs. ]n genera., however, comments are rot very helpFul tor 
discovering tho plan type ot a segmenl, 

111,4.7 3EKAVIGRAL DESCRIPTIONS 

itie in'crnsl comments pro very oselu for developing Ine behavioral descriptions of tho 
Inttrnal segment*. In CONVT, the comment on line 34 indicates thal the output of Tho following 
S egmgnl is the nunbe” ct elements n the arrays, The comment an I in# 43 indicate* that the Output to 
the DEkE of the input. Similarly, the comment on lint 47 indicate* th*t the output is the $NGL of the 
input. 

With some vitel gu dance from th# internal comments, miormstten about behavioral description* 
for the internal segment* ccmnes up from the Intrinsic behavioral descriptions of the primitive 
programs used, a."d down from tec partial intrinsic behavior*: description tor tN; whole program, giv^ri 


Richard C, Walers 


SS 


UlA DETERMINING Tk£ DESCRIPTION 


by fhe headei' comment. Each plan type inss information about what the intrinsic description of a 
£es m <fnt corresponding | 0 ?hat pian type must be- it ihe nstrinsic behavioral ceseriptions of the 
Eubsegn-ipri.s ere known, [n the absence el a comment to the cont-ary,, Ihg extrinsic description of a 
segment is assumed 1 q be tre sane ;ic Ihe inlrinsic description. Information cannot propagate from 
the intrinsic behaviora description of a segment In the extrinsic behavioral descriptions cl ils 
Subsegments unless, something is known about the do scrip I ions of these subsegmpnts, Comments are 
eruci?l in providing c.oough infprmat.cn about the behavioral dOscriplion of -a &uaseg.men! so thsl a 
more complete cescriplicn can be inferred from the description oi Ihe sesmenf. This allows the high 
level descnpliQp provided by Ihe neacer comment :o ba pushed down into the program. 

Irforrnalipn filters up from the primitive programs until il meels Information filtering down From 
the header comment. IE >$ at Ihe places where 1hp;e two types Of nlOrmaJinn meet, the' the system 
a required Mj pcrlQrm significant ce due tic ns. Thes-t of fen take tine form of proving that an extrinsic 
behavioral description, partially specified by t comment, follows from an intrinsic behavioral 
description, specified from below. 

I13A8 Th£ GRAND PLAN FOR CONVT 


The- previous Three- sections tried to giv* an idea of Evow an understanding of a program is. 
o eve loped. This section exhibits a complete grand plan for CONVT, ana a discussion of how this 
specific grand plan can be developed. “he next figure it a schematic of the grams plan for CONVT. 


PI 13510 

-A1ZSd 


r G | A i£K l 


UP2|3S»a 
- AS 135. 


- P313£>S 


CONVTtC) - 


La3 


r 

P|QlR) 


ewCrlnElc name 


tt_ 

L— i n 


plan type 
i n t rin &ic name 


ICJ-DOnP 
(EXUCA5E XCR 
(mALI^AND augmented LOOP 
[ELI-ENUMERATION LOOP 


-F|BIE>::i 


p?l J42 £8 
-A1 jttAAL. 
-P2[42>$ 


{ 


L | E (ELF-44 
AE 4b 


Laziqiaal) 


{ 


LIE (ELI 4S 

AB 143 


Fig, 29; Schematic of the grand plan feu COMVT. This is a shorthand 
notation J or n diagram of the grand plan simila r to the diagrams. For the plan types 
in section HE,3. Tfrs figure shoos how ihe .plans are imOeddod The diagrams in 
SSCti&n tll.3 show whal the diagram corresponding to each noete af the schemalie 
looks like, 


The figure shows how the segments combine Id product Ihe program CGWVT. The nexl figure 
shows much q{ the same information in a differenl form, [n, aaddipn, it clearly shows how Ihe 
segments relaSc to the physical cade. 







Richard C. Waters 


53 


lti .4 DETERS]N[NG THE DESCRIPTION 


1 ’-30 are eommcmts applyi 


31 

V 




SUK10UTSNE CQNVT (N.M.MCOE,£.D h NS> 

32 

V 




OlhENSJCN 5(Ir.CU) 

33 

V 




OOLSLS 3REC[S;0'-, 3 

34 

V 

<G) 

£ 


PINT STORAGE 10DE D" MATRIX ANC NUMBER 

35 

VA 

(Pl t P2, 

P31 


IF in3-U 2„ 4. e 

38 

VA 

(Alt 


2 

NM-hUri 

37 

Vh 




GD td s 

3S 

Vh 

(A21 


4 

Nn-i IN-rDuN) /2 

33 

Vk 




GC TO 8 

4-0 

Vh 

EA31 


£ 

Nn-N 

41 

V 

fF) 

C 


TEST TVPE OF OONvEJlStDN 

42 

vs 

rPl,P2t 


§ 

EF inOOE-11 10, 10, 2@ 

43 

va 

LAI ) 

C 


SINGLE PRECISION TO DCUELE PflECISSON 

44 

V0CE 



la 

GO IS L-1 „NM 

4£ 

VBC 

lABl 


IS 

□ 4LJ-S -!LJ 

4£ 

VB 




GD TO 30 

47 

VB 

IA2J 

C 


DOUBLE PRECISION td single precision 

4S 

VBD£ 



2$ 

00 2S L-l 4 ffl 

43 

VBD 

(A3t 


2E 

S(U-D (LI 

5 Z 

V 

(F> 

C 



51 

V 



30 

RETURN 

52 

V 




END 


Fig. 30: The program COWvf showing segmentation information, Each line is 
nreccded by She intrinsic name oi every segment containing it {V^CONVT}. J n 
addition, Jrt parenthesis, *rc rhg eylrinsie name(s) *f Lhe segments) (Nr Une is mast 
closely associated w th (if appropriate). 


&dlh figures stop at the level al expression onenled segments which, t&n easily be built 
up from the actual primitive programs, As discussed ,n the section On segmentation (111.4.5} and on 
pians {ni.4„6)y a multiplicity Of factors j.Iowe the segmentation and plan types to be interred. Vest 
notably, the DO stalemt-nts in lines 44 and 43 indicate the extents of segments C and D, ard that they 
are AUGMENTED LCOFi. Tn(r ARITHMETIC IF state ire nls in lines 35 and 4£ together with ths dividing 
and then rejoining character of the control flow diagram indicates the extent of segments A a.nd 3 end 
that they are CASE KORs. In* appearance ot the control and data ftow digrams indicates that th B 
SCgmonl COMVT is & COMP. 

Givpn the segment *tiOn structure, lhe System then fiesives out lhe grand plan with behavior el 
descriptions, The figure at the end of this section shows the complete grand plan lor CCNvT. The 
grand plan it I Pr 5 c, iFdwever, it straightforward./ denvaole from the tent lQ r CONVT. 

_ ^11 or hit dots and control fpw informal™ Is derived trom the data and control flow diagrams, 

l.<> inlrmsic description? o-F I he basic unit? (which are at the end OF the f gure} are developed from 
toe sp&cjtic intrinsic bohav.ora descriptions Ot Lhe primitive clomenLs Known by the syslem and Lsed 
in l-ONV . Lower levels of cetail have been suppressed for sunp-icily, 

Consider lhe following scenario lor now the other oehaviorat descriptions were developed, 
Slaving from the top, the basic intrinsic behavioral description for CCNVT is leken from the heads-- 
eammsnl. A few clauses about tne outputs have liltereo up from betow. Otherwise, it is the same, as 
in the comment transition fieuro. The comments cm lines 34, 4}, 42, and 47 make it possible IP 
propagate some cf lhe high level information irv lhe intrinsic behav oral description for CQNVT into 
segment E, and to flesh out the pl*n lor the segments CONVT and B. They do this by indicating key 
parts Oi the extrinsic behavioral descriptions ot A. B, C, and Q, 

.forking from the bottom, there is no dif'»cu'ty in develop ng the complete plan Spr seamen! A. 
Similarly there js no d.fficLity in developing the plans: for the AND AUGMENTED LOOPs C and 0. A plan 
tor ihe ENUMERATION LOOP E is included in the ligu-rt so that it can be seen hbw parts of it are used 


Richard 0. Waters 


J13.4 DETERMINING THE DESCRIPTION 


&e 


1o -develop tine plant 1(u C enc D. (refer to ihe section cm AUGMENTED LOOP* Ml,3.4.3}. 

3t srtcu d oe no Hied, Ihet Ihe inti intit description of t*e ENUMERATION LOOP segmenl E diflers 
considerably From tn<; entrirsic behavior*1 aeti ripr.d ^.5 af its use in segemenls C end □. Tins 
difFersne-e embodies a theorem which is probably too difficult lor the system to deduce. The tact that 
• he programmer chdse to use a „0 slafemenf Jo implement t causes tre system 1o use the indicated 
esrtrjnEic behavioral descriplion, The intrinsic description of l , 5 one that would arise it the 
programmer had rvpl used a CO but rather h*d open ended the LOOP. Jt is included to give added 
insight inlo 1h* plans tor LOOPs. 

As J cussed r ve: .ipn 30. 1.3.6, the array index mg ip. ires 45 end 49 has been factored out of 
t.'io computation into the data fid-w. This c*n be ocme because, as the pten far 4 eg errant £ shows, the 
v-aiue o J 1h# variaDi* L is 5 function of I he number of lines the loop has been executed, not ol any 
diil-a value. This system makes this lype ol factauialion wherever possible. As in this case,, it usually 
leflds- to a Eighteen! S;m p| f : cjijon of tr# statement Of the pla-.s, 

As an example of the process of developing behavioral distripbOns, consider scgmen1 D. The 
'Tf lhal I ncs 4S and 49 form ? segmenl, ar,d th 3 | ihet segment is tn AUGMENTED 

LQb'- Du is a primitive construct, and so the sysfen immeo ately produces an intrinsic bobeuiorel 
desc'ipt.pn io. r : :s*e the intrinsic behavioral description oF segment E in Ihe figure at the end of ihis 
Section}. Referring to sechOn E1Z.3.4.J, il can be seen that this description conforms Id the general 
f description of a LOOP, as expressed by the equation* in that section, Segment E is an 
fc.JUlVr BAT 1 3 -J LOOP since it has nb Outputs. The a-sserl ons of E are iust a combination &1 the 
assertions Ol Ms body and tesl. 


Because segment £ is implemented by a DO. the system knows that Ihe re is an equivalent and 
much morn useful way to slate its assertions. fifes is used m Ihe extrinsic description of segment £ 
wnen used in segmenl C (see the figure at ihe end of |fu S section}. Lin# 49 can be identified as th* 
AB (addition*! bodyl of the AUGMENTED LCO=. Section 3 [13.4.3 shows how an A0 is Integra led into a 
LOOP in order lo form an AUGMENTED LOOP. ]n thus case r the det* flow diagram shows the! Ihe AB 
(fine 49> 15 executed before (tie booy of Ihe or gm?,i LOO 3 a.-d takes lh c output of the previa 
eicecuf cn p- that body (the ouBntcty named k[i] in the descrtplipn of E) as an input. This Quantity is 
carried by the variable L, The assertions of E (namely that k[i>i+l) show thal thp value of L depends 
•dn.y pn Ine number pf limes the LOOP has cycled As 3 result, the array references in line 40 can be 
factored Oul of the compulation into the dala flow. This makes it clear that AB (lire 49 } does hdt teed 
bach to ilse 1 because ihe (sfiJJ are not actua ly inpul to -t. This implies th*t D j& an AND AUGMENTED 
*. COPi 


Re 1 erring Again Ed seclion ]] 13.4.3, Ihe intrinsic behavioral d#$Crip1i0n of D can easily be 
inferred. The assertions ol 0 are just a combination et ihe assertions of AD and segment E- Tbo 
assertions of E nave acluaTy fieen omilted except for the fact thal Ihe LOO? is executed from 3 to 
liinil (since k(i] is nol an oulput of Oj. IVole I hat the only deduction required in lh>s whole process 

was pattern matching and lhal there were npl ? large number of btind alleys wh-th the system had lo 
folibw. 

"he teleological iinhs (see section I3T.2.2} are omilted from Ihe grand pien due to the lack of , a 
reasOnabie way to represent them, The key deductions take place when Ihe informalior prppagaled 
up from Pelpw first meets Information filtered down From above. This happens at the Interface 
between the intrinsic and entrlrttk behavioral destripiions al Ihe SCgmenls A, C r and 3. Zn order to 
demonstrate censuslercy at those pants the system must use theorems oefining ihe terms 
■NUM0 e:r_OF_ELEMENTS h end CaviFONENTWlSE - . 


R^charil C- WalBfS 


DETERMINING THE DESCRIPTION 


61 


given: 

matrix {jx(i|l}} 

n -NUMBE RJJF_RCWS( j * f i>j J 
NUMB ERjOF_COLUMN9(Ik< itf) 
j ns -STORAGE JvSQDE( [a(i )] ‘t 
ne -NUMBEPLOF'^ELEMEHTM |x(i)}) 

them 

n>E 

rn^-t) 

m? < (1, 2, 3} 

•* ne-ntm 

rfls.-»L -t ne-((n*l)*nVZ 
ns-tj -• nc=n 

ne^fl 


given: 

malices. (()f(i)} f (y(ij}) 

rie -NUWBER_af_ELEMEfJia j^r )}>-NUMB£R_J[]F_ELEMENTS( (y (t)]} 

Ihen: 

WO; “ F(Jy(i)}) COMPONENTWISE x *- iwlfnt xii) - F(y{i» 

Fig. 31. Theorems about matrices needed for understanding Pf CONVT 

The first Iheorem shows Shit segment A does ndeed calculate the NUM3ER_QF„ELEMENTS m 
:he rr,a:r ces lhe second jhecrem shows Ihjf segments C and O ap indeed produce oulpuls which are 
COMPONENTWISE luothons of thei? inputs. These deductions close the gaps between the m 1 rin* 3 t and 
extrinsic behavioral descriplibns ol Ihete Ihree segments. 

Lt is rca-sdnaole So expect !ha‘ the system rr ghl know Ihese theorems a? pert of its knowledge 
Of matrices, which ora the only complex data type in FORTRAN. 51 not, then the user would either 
have to give Ihem as pari of the header comment or the System would ash hioi if the deductions 
required above were valid. 3 f he said they were, then lhe System would in effect Osum* these 
theorems Id be true, though il would not use Ihen in any ol her context. 

If anywhere along ihe lire lhe system discovered any inconsistency in lhe program, it would 
epert a hup as discussed sn section jI. 2 . ire program CCNV 7 does not have any bugs. ?ee section 
[[.£ for a discussion OF the program Riil wh.ch does have b v * 5 , 

Finally, in a tidying up phase, the system prCpagetes low l*vtl information all lhe way up to lhe 
top, and fills in gaps in Jhc intrinsic behavioral description far ‘he whole program. 3n order not to 
keep a lot of excess information, it only adds in IrFormation (O fill in conspicuous gaps. Jn this cast, 
several ol the Outputs 1o the program (such as on, om, and fcsGJj when moda-1} are completely 
unspecified. Data flow analysis sh&wc that Ihey are directly mapped from inputs. 

] 11,4.9 TRANSFORMATIONS 

The Only transformation I see section IIU.3) which was appl ed to produce the prog f am CONVT, 
is factoring com-putation oul of Ihe flow of control, An arilhmelic |F was used to implement several 
predicates ?S Once in line 35 and Imo 4Z. This is easy for In# system Id spat by looking al the control 
flow disgrace The system undoes the transformation before analyzing the program further. Other 
transiormutiens can also he dentiF Ed by clues ndicat.nu lhat they have been appied. 

It should be slrassed lhal transform aliens are a 1 horny issue. Tt is essential that the system be 
very conservative abCut applying invoke transfer mat ions fo a program If Ihe system experiments 
with reversing »■ Iftrge number oT trar-sJornslicms which w ght h*v* applied at any given point, it wifi 
drown in a sea of alternative program^. ]f » Ijir^e number of Iransformations have been applied So a 


Riehaca C. Wafers 


6? 


tir.4 DETERMINING THE O-pSCHTPTlON 


p.roorsrn, comments will unceyMedly b* needed so that tne pro&rpm can be unscrambled arid 
understood., 

Far I her, il shoLlcj bp r.*tsd, 1 hat Ihough a transform^ on may have been applied to a program 
wbilt il was aeiri^ written, the inverse tr ansi ormal ion may nol have :o be applied in order to 

understand the program. Consider the following two programs wnich jre related to each olher by 
factoring, 



]F tit 10, 

10, £3 

ia 

Y-SJNtXJ 



LM*X 



GuTD 30 


23 

Y*SlMtJ) 



U-H*X 


30 




fF [Il 10. 

■5J 

ro 

(O 

10 

v-sinixj 



GOTO 23 


20 

V-51N(Z1 


39 

U-X+K 



Fig. 32: Two programs reeled by Sadar ng. 

The second program can bo udders [am on ol am XOR and "W-XtSC, rather thai a^ a 
transformed XCil of two ANps, Only transformaiiors leading ta distorted programs not fitting any plan 
type need be undone. to the second program, s comment mighl well be inserted to ineitalp lhat there 
is a transformation which should be undone. Otherwise, there is no reason to thiflfc lhat a 
transformation his applied. 


Ricihartf C. Waters 


63 


IUA DETERMINING THE DESORPTION 


Fig. 33: The 5 -and plan for CQNVT 

■Plan far segmtnf OONVT which a a COMP of GjA and F|0 
en trinaic <le scr> p I ion of GjA 
inputs! m? F n, rr. 

prerequisites: integer ngrroers (ms, n„ m) 
mat,-cea fls(i)}, iciCi>]> 

n-NUUBERjOF-HO WS< [s[i> JHNUMBERjQF JIQWSt (d(i)}} 
m- NLWBEBJDF_COLUUNS( [e< 0 l)-N^BER_OF_COtUUNS( [d(i))) 
m 5 -STORAGE _ VWEVM '>}K WAGE JAQCB JcKi )}} 

Outputs: length 

aaiertionsj integer number {length! 

Itrajlb-MJM BEH_OF_pLEUEMT S({e( j)i)-NUMB£E J^FJELEMENTSf (d( i>}> 

mapping.: {ms^typ- r-n, lesgth^sije,} 

extrinsic aesc ript ic n cf F|3 

iapjts: js(i!}., length, mode 

prerequisites: floating nv^Pfr? ([j{j)}) 
double precision numbers 
m a I rices (|s{i}j F 

integer numbers (Itngth, mode!' 

leng | h -hUMBERJ3F„aeUENT$l {* (i )})-NUMBEHJ3FJEL0ylENTSK fd(i } j) 
made t {1 3 £|! 

Outputs: [□d{i}] F [as(iJ] 
esserlidns: floating numbers {Jajji)}} 

doub o precision num bers (fod(i)J-) 
mate {odCi>j > 

mdde -1 - {od(i)}-DBLE<?c(i)]) OQUPWEMTWrSE 

a COMPONENTWISE 

mode-2 i {dB(3)}-SN5L[;d[i») COMPONENTWISE 

a {oddJHdtiJJ COMPONENTWISE 
mapping: lenjt.--le.- 4 tb, mOde-mode, 

{oa{ 1 ) [ot(i !■], Jod(i t|t+{odli)};) 
intrinsic description pi CtHWT 

inputs: 1 % m r mOdCj, fs<i]}, (diij}, ms 
prerequisites; floating nun-rpr* 

double precision nun-be-s {-d{)}) 
integer niimoeri (n, m, mode, mar 
mnlrices ((s[i>! r ?o{i) ■) 

A-MJMBEP_CiF_RCWS({s(E)})-NUK'flEf!_Cf_fiDWS({d^»i 

m-NUMBER_0f jOQUiWS{{s(i)} ti-NUhtSEfi.OF _COLUMNS({d( i»J 
ms- STORA GE„MCCE{ -STQf!AGE_M00E<{d(i>3} 
mode i {1, 2] 

Oulputs: an., orn, amodt, (Osiifj, jodii}), oma 
assertions: floating numbers {JosfiJfJ 

dOubEe precision nutrbers ({adfi!}) 
integer numbers ton, om, omode, oma) 
matricea(Jos(i}} F {odtiJJ} 

mode-1 - {«d(i)}-DBLEUs(i»]| OGMFCfgENTWtSE 

a COMPONENTWISE 

rrode-2 - {ci{l)}-$N3L{ld{i}l) COMPONENTWISE 

a {otKir]—jdlilj COMPONENTWISE 

On=n 

om-fli 

Omode-maae 


Richard C. Waters 


fir ,4 DETERMINING THE DESCRiPTSQN 


Si 


dal a fiow 


ento GjA 


inlo F|B 


fl!T5*r.is 


MS ‘ron outside COiWT via, argument petition 5 
ar.d vsnab e MS 

n tram Pu1s.de CQNVT via a r gument ppsilicir, I 
and variab e N 

ra fr-on cutsice o" CQNvT v.a. arp.Mment posiEipn 3 
and variab e M 


len^lh from le#^th pf G|w via variable NM 
noc* Irpra putsiaa pf OQNVT via argument position 3 
srd variao.e MODE 

lit ', ' rom outside p J OONVT v.a argi/munl position 4 
and variable S 

{«!>) from ouls.de of CONVT via argument post^oni 5 
and variable D 

to outside of CONVT 

On Irons Outside cd C0N'.'T vs 3 argument ppsiJiO-n 1, 
variable N, anc arg„n-?n" position ] 

Om from ciuls'd® oF CONVT via argument position 2 , 
variable M, and argon-Ent posit pr, 2 
drriOde from outside of CONVT via argumenl position 3, 
variable MODE, and argument position 3 
orrs from Pul side of CONVT via argument petition fi, 
variable M J. and argument position 6 
from {os{i)- pi F|B via variable S 
a^d argument position 4 
:idd(i)} Iron -ad-fi)* pi '|E v,a variable D 
and argument pps lion 5 

cOnErn! flow 

from pul side of CONVT HO G|A via i."..t.ai placement 
fjom G A In F,3 via sequenlial ulieemenl 
from F;3 ;p cutsice p 1 CCNV by sequential placement 
and RETLHN line bi 


Richard C- Waters 


55 


Llt.4 CETEHMIMING THE DESCRIPTION 


Plan ier Eegmenl A which is a CASE XQH pf P 1135^3, A] 136. P2P5-3, A2|3S, P3|35^8, and A3 
extrinsic description of FI]35<3 

(Ihe .F :ine 35 predicates the segment 35 laking I he * branch when result^) 
inputs: type 

prBrequisiles: integer number (type) 
outputs: none 
asseteiors: Sype<] 

mapping: (type^-argL, results turA_valuei) 
enfrins-c descripEiDTi qI A3136 
inputs-: n r m 

prercqu sites: integer numbers <n, m} 

Outputs: s.i7c 

assertions: integer number (size) 

SHc-nvrn 

mapping: (nwargl, mMarg.2, atje-wreEwfn_valut^ 
extrinsic dencnplion pt P2|3£-3 

(tho JF line 35 predicates [he segment 55 taking the ■+ branch wrven resulted) 
inputs: type 

prerequisites: ir-tegsr number 'Itype} 

Outputs: ncK"# 
assertion^ 1ype“l 

mapp ing: (Eypo«arg L f reBPlE**re turn^val uji) 
extrinsic description of AJ|3§ 

inputs: p 

prerequisites: integer number (nt 
oulputs: size 

assertions: integer number (size) 
size-((fi.*3>*n>/a 

mapping: (nwargL, n^arg2, size-relurn^aluej) 
exlrinsit deser-iption pi P3|35>G' 

(toe IF lir* OS p r ed cates the segment 3b taking the + branch when result >£) 
inputs: type 

prerequisites: integer number ttypa) 

Outputs: none 
assertions: lype^l 
mapping: (lype+Hirg]^ 
extrinsic deccrmliPn *f A3 
inputs: n 

prerequisites: integer number (n) 

Outputs: size 

assert ons; integer number (s-iie} 
size-n 

mapp.ng: ti$,re«n) 
intrinsic descriplion of A 

inputs: type, n, m 

prerequisites? integer number (type) 

type* 1 -* integer numbers (n h ml 
lype«l -i integer numbo r (n> 

Sype>l ■+ integer number (a) 
outputs: j.?t: 

assertions: integer number (gizs) 
tyfte<] ■+ ■size-n^m. 
type=T -» size =((n i-l 
type>3 si;e»n 


Richara C. Waters 


1114 determining tke description 


b& 


daf a now 

into Pl|35*fl 

type Iron cytjide A yig variable ME 

inti At |36 

n 1 FOm CuUidt A via variable N 
m from outjioe A via viable M 
into P2|35°3 

type fr*m outside A via variii&le MS 

info A2|3£ 

n irom outbid-p A via vangble IV 
info P3135^0 

Type frorr. Du1s.de A vi* variable MS 

No A3 

n tf*n outside A via vir.ablc N 
la outside of A 

Size from s.?e OF Al^36 via variable NM 

or from s; 2 <r el A2|33 via variable MM 
or from Si?e o : A3 via van a ole NM 

tonlrol flew 

Irgm outside of A fo Pi via initial place ire et 


Irorn 

p; 

?* 

AS 

via ]- line 33 and ebcl 

2 



trbn 

PS 

to 

P3 

v a shared rode line 35 




f rO.Ti 

P2 

to 

A2 

via IF Ime 35 er.d Igoel 

4 



1 t pT 

P2 

to 

P3 

via snared C-Odc lirt* 35 




from 

P3 

to 

A3 

via IF line 35 ar.d laoel 

6 



from 

Al 

to 

bul 

s de of A via GOTO l ne 

37 and 

label 

£ 

f r 0n 

A3 

to 

Pul side Of A via GOTO line 

39 and 

label 

£ 

from 

A3 

1 0 

out 

side of A via linal placemen' 




fiitharcf C, Waters 


6 ? 


131.4 DETEflMINlNG THE DESCRIPTION 


P.ari to r segment 8 which is a CASE HOP of Pi[4250, AL|C, PZj42>0. and A5JD 
CKtririfilc description cf P 

ilhe IF line 42 predicates the $eg.n-,|?nc 42 4a>.inG liie- ^bremcN ^hen resylt£l(S) 
in-p^t*: mOcE 

orercqL 5't-EL: in'tJLcr number irnoce) 
mode f [ij£2 

Gulputs: none 

asserlionsu mpde-i 

fttlflpirig: (fflQdewi/gl, resuH+*relurn_\f||luei) 
fcjfinnsic desqr pi ion of AL.C 
inputs: lengtn, [sfi>3 
prerequisites: f oat ng number* ((sli))} 
integer .number (length) 

lBt^|K^ftJMBBR_jOF_SLEWENTS(|t(.i) J)-NUMHEH J3F,£LEMENTS( fd( i >}) 
□^tpulsi Jds'ii)-, ;Od(i)j 
assert o."S; floalir-g. nvmbers. ({os^i}J3 

double pret;$ an numbers <[□(*«}) 
malrkesflosfi}}, [gd(i)}) 

[adii )} -DBLE<{s(i)}) COWPOWENTWta E 

a [o*(i»Hs1iM COMPONENTWt$£ 

.'napping; ( onjtlwl mi:, {od£i>}«{dest{j}ji {os(i]Hs(i>P 

frirlr'rrlsic description o' PZ|42>E 

Uiic JF lire 42 predicates She segment 4£ taking the + bra/sch whgp resulted 
mpuls; rfrPCJc 

prerequisites: integer numoer fmdde) 
mDdd it {1,2} 
outputs: none 
assert ons: mode-2 

mapping: {nnoce™arg 1, result«t , etur , rt_valuej) 
eiitfiPSic descrialien of A2|0 
inputs: length, (d(:)} 

grerequ-jsises: couple precision numbers f{d(i)]) 
integer number {length} 

I eng th =NUU3ER_0F„ELEtjlENTSt{d(i >]}*NUMBER JJF_ELEMEi4TS{{s(i )) 
Outputs: {aiti)}, [odii)f 
assertions: floating numbers {josCO}} 

dcuble precision numbers C{od(ii]> 
iniatric^sfSpsd)}, {«d(i>3> 

{Osii t] -3NGU[cH i}f) COMPONENTWISE 

a {od(i)HcHi}J OOMPONENTWiJE 

mappirg: (length-Jimf, JdiJJ-rlsourcefc)}., Sod(i}Md<i})) 

intrinsic descript up of B 

inputs; mCde, length, i'du !■} 
pre/tquisilea: ntege- numbers \ mode, length) 

teng th - NUKitBERjQF_ELEHENTS({s(i)i)- N JM0ER_OF_ELEMENT3( 

mode * { 1,23 

mode-] -* floating, numbers {{a(i)}) 
mode-2 -* oauhie ornusion numbers {{d(i3}3 
outputs: {os.(i>} 3 locli]} 
iisser I ions; floating numbers fjos(i)}) 

doubie precision numbers (|od(i)}) 
mstricesf Jos(i)}, {od(i)J> 

mode ■=! -* [od(«)}-DELE{{s(i)}) COMPOtfWTWiSE 

a {es(i)}-{sfi)f COMPONENTWISE 


Richard C. Waters 


lJE .4 CETEflMlNtNG THE DESCRIPTION 


ES 


™«-2 - {flsii>KN3Uf<Hi))} COMPONENTWISE 

A iod(i}>-dti}] COMPONENTWISE 

data 11 -jv,' 


into P] |4 Sa0 


swi'ch from, oyliide 3 via variable WCOt. 

into AI|C 

(s(i)} from ojtaide B vu variable S 
irTo P]|42ii3 

switch from fiul-side 3 via variaijel MODE 

into A2,D 

fd'iijf from oulsitfe 9 via variable □ 
la out^iese or 9 

from lostiJj Of At via v aria ole S 

or fro.-Ti *f A2 via variable S 

-Iod'1 -)} Iron Jcdfiij of AS via va r able D 

or 1rom [o<i{i)} ol AS via variab e D 

Control Hfiw 

from outside of E SO PLi42s3 via imltal placemen I 
fro™ PL |42^@ ‘a AljC via ]1 line 32 and labe if 
from P | AJsf ;a P2|42>3 via shared rode I ne 32 
Fran P2jfl3*0 to AE|D via IF line 42 9 rd label 23 
fran A1 1o oulside of 6 via GQTC Hfl* 46 and laoef 3£ 
from A2 la ou'tide cf B via final placement 


Richard C. Wal ers 


6& 


1!L4 DETERMINING IKE DESCREPTtON 


P-ian for se^enl C whi-rb is an Ap,D AUGK4E?JTED L&OP of L|E ano A3|q5 
ektrirtttt tSe&criptian of L|E 
inputs; limit 

fir-^rcqu s-tet,: intejsr number (limit) 
hmit>0 

CUtp.ti: r.C. nr- 

assertion*: integer number* ([fcQJj) 

A Exg, | i*,j [KfiJ-i+l 
mapping: (limi|«endvalue, c«intt 
entfinjic description of AS[8] (part of [J 
inputs: rent! 
prerequisites: npne 
outputs: none 
assertions: none 
mapping: ( 1 ) 

txlrinsic cescripl.cm pi AE[i];C5 
m.3Uls: sourcefi) 

prerequisites: f Pat-ng number (50urcsi.i}> 

Outputs: destM 

assertions: double precision r.ymoer !desl£i)) 
de s-t(0“DE.E(sQurce(i J) 
mapp nj: {soureeEiMnum, dest(i)-*dnuni;> 
intrinsic desonplion 0< C 

irput*: limit, (sOLrce(i)J 
prerequ site?; 11 lea ling numbers Ujowcb(>J}) 
integer number (limit) 
limit>E‘ 

CU’OutsL {destfi); 

fliSoriicns: double precision numbers ([de*t(.)f) 

A . . 1 , I , m i |. (desf(f)“-u0LE(£c urcefi]} 

c ;j r h HOw 


into LIE 

liffljt f/om outs do Z Mia variable h!W 
into A[?[i]|d5 

£0ujce(i} From {{sau*M(i}} which comet from outside ef C 
via variable £)-via variat^c S(L} 

to ujtiide of Z 

[desS{i)j from {the dest(i) wrier, con's Irani clu :.t fi) 

df {AB[i] : i 5 ] via va r able D(L» via variable [3 

ecnlrol flew 

Irpm outside of £ Id I (Ll and 4B[£]) via mi lie! p lacement 
3 ini! ate a the LOOP between T and A0 
from T tp A0 Y ie CO line 44 
fj-em A3 !o L.B via DO line 44 
from L,0 te T via CO line 44 
From T to outside Of C via DO lin* 44 


Wicbard C. Waters. 


7-0 


[JL4 GETERMfMNG THE PESCPJPTjQN 


Plan for segment □ whJeh ii an AMD ALj&yENTEO LOOP of L|E and AE|49 
Extrinsic description if E|E 
inputs: limit 

prer^qjisilcs-i integer n^irpefr 'ilimif} 

limit >P 

Outputs: none 

355Grt.0.ns: integer numbers {{kli]}) 

mapp n*: flimil-endvalue-, k^K;) 
eKtrirtj.t description of AB[B] (part gf I) 
inputs,: none 
p r erequ.5 tcs: rone 
Outputs: nine 
assertions: none 
mapping: (;J 

extrinsic description of AB[i]f49 i-2,oc- 
inputs: r;Ourcc(ij 

prerequisites: dOub s orecision ngmber (sourccfi>> 
Outputs: dest(i) 

assertions: flpitine number (dest(i)) 

desC^ i] -SWGU* Ource(l » 
mappira: (sdurtnum, dcsE(r)**SnuiT , tj) 
intrinsic oe-ssrip-t on pf C 

inputs: limit,[source^)} 

prerequisites: double precision numbers (f»ure*ti)J) 
integer numbe.- flimit) 

I i fTi l t -■ J3 
Oulpulsi (dest(i)} 

SSscrtidnsi foaling numbers ({dc-sI(i))> 

A i ■ i, l i ™ i 1 4 , dO!l ti ^SH3L(s*urce[i)) 

data Nciw 


into L|£ 

limit from oulside 0 via vgr ible l\M 
into ABfiJ|49 

source^) from (Jtouroefi)) '*hkh comes from 

outside 0 vjj vari a ole □) via variable C(L! 

Ip Dutsioe of D 

deiEfit from (the csstM whieh come Irom dest{i) 

of jAE[i]|43|j Vji variable SfL)) via vari a Pie S 

control fiOw 

from outside of C ’0 I (L.1 and AB[3]ji via inilial piacerenl 
E initiates Ihe LOOP between T ana AS 
from T to AD va EX) line 43 
from A3 to L.0 via DO line 4S 
From L.R lo T vu: DO Sire 45 
From T jp outside of D via DO f n? 40 


Richard C. Waters 


7] 


1U4 DETERMISW THE DESCRIRTtObJ 


Plan for segment E which is an ENUMERATION LQQF of J, 13, and T 
(I iter ally realized in a CO I in® 44 and in q DO line 43J 

(mapping!, Cite and control flow are omilted since She 00 statement i 5 seif contained) 
intrinsic descrip I ion of B[3] (pad of I) 
inputs: none 
prerequisites: none 
outpul;: k[0j 

assert.on;: integer number (k[0]) 

tKlrirvfijc Mscriptidn Of 5‘i] i = l,C0 
in Outs ; K[i—1 ] 

prerequiS tes: integer number [hQ-lJt 
culputs: k[i] 

assertion;: mlegsr number [K[i ]) 
k[i]=k,[i-l]+L 

ejririnsic description of T[0] ipprl ef I) 

(this predicate ir, an inherent part of a DO slaiernenl) 
input;: TfCmg 
pre r eq jisilet: none 
outputs: none 
assertions; none 

eytrimsit description of 7[>] iu^tu 

(Shrs Dfpqicste is an inherent cart ot a CO statement 

inputs: k[]J, cndvalije 

prerequisites: integer numbers (h[i], enbva ue} 

Outputs: none 
as; or I ions: k[i]ierdvaluo 
intrinsic description oF E 
inpul;: endvalue 

prerequisites: irleger number te-ndvalue) 
outputs: nor* 

assertion;- integer numbers C{k[i]}) 

Kie]*] 

A ' *«rn-l^'Js^H^alue- 
k^n^end value 


Richa/a C- Waters 


12 


IH.4 DETERMINING THE DESCRIPTION 


InErinsic ass crip home et Ihe q«ic ss^n^enre: §1^ 3-E, 3S, 4J, 4p F jnd 4$ 


| ” p ’ | I | M," | i I- , 

in%rins-ic bfeici.pii^n 




input*? arg L 

P'erapLj sjtfrE. integer number [arsl) 


Outputs: re-turn_value 
assertions; integer ^vyrnher (i‘durn_va ue> 
relur/>_vaiue'-argj -i 
intrinsic Rescript op of 3jj. 

inputs: arg], ar§2 


n-rnj-r-n .i-'Hf.^. 1 ,-■■■-■■ r 

pit .r.|i,e! 


n -. » r-'.r-r -r f-f-nt >ir 

I I V ITiuy if 1' -J L^sl ^i , dr gji,' 


Outpuls: re1urn_ualje 
assertion?; integer number i|return_valua) 
f#S ur n_value *arg l *argj 
intrinsic -do scrip Mon o( 38 
inputs: arg i, 3 rg£ 

prcfrequiE-tei: integer numbers \argt, srg.2} 


Output*: rgluf n_Vfllue 

assertions; jnleser mumper (return^ glue] 


ret um_val ge-fl&rg 3+1 ii arg 2)/2 
intrinsic oescript Or Cl 4 2 
inputs: ar*l 

prerequisite?: nl^g.' number (argLJ 
Outputs; re!urn_vnlue 
assertions: integer number (relurn_^alue) 
return_yalue =sr ^ 1 -1 
intrinsic description of 45 
inputs; frium 

prerequisites: floating number ^tnunj 
Outputs: drum 

assertions: -double precision "'Uirper (dnunO 
CJnum-C0LE(i nun) 
intrinsrt ocspriptrDn ol 4$ 
inputs; bnum 


prerequisites: double precision number ^num) 
outpuls: Inum 

BSie'tiDrts: Stealing number {Injrn} 
f num d 5 NuUdnum} 


Ri.-hard C. Waters 


73 


BIBLIOGRAPHY 


Bauer, M. (197E-.) 'A basis fpr the- Accuisi'ion ol Procedures from Protocols^ Fourth International Jbtrst 

Cbr.f&r'fcrte bn A.t. U S.S R, 

Boyer, Hfrber! and Moors, Sire I Iter (19753 ’’Proving. Theorem* About LISP Programs", JACM V22 
J*n. 1975, pp. L29-244 


0rbwri, A.L. (19?4) Qualitative KnOwlecge, Causal Reasoning, and Ine Localization of Failures 1- M|T 
A!-WP-6Ji March 1975 

Brown, A.L. rid75) Quel it ati-ve Knowledge, Causal Reasoning, and I he Local iza! on c-f Failures" MIT PhD 
thesis Sept. 1375 

Bro^n, A.L. (for I hep™ ng) TQualfUhve Knowledge. Causal Pc-ssor nr and the Localization of Fa.luire^ M 
MtT Ai-TR-362 


Floyd, fi.w. (15573 -Asn gning Meaning Ip Programs", Prat Sympeffe in app ied math. V19 Art. Math. 
Sot. pd. 19-32' Prpv, R,]_ 


Fi&yrf, R.W. (1S7]3 “Toward Interactive Design oF Correct Programs* Stanford AIM 153 Sept 1971 

Gerhart, S.L. (L975) "Kr,pwledge About Prp^rairs; £ Mocel and * Case Sludy H , 5IGPJ3.N Notices, V]f) 
#6 Pr&c of lnlernatioir. 9.1 Cdnh on Reliable Sul I ware June L975 

Goldstein,. Ira (i$74) "Understanding Simple Pl-clure Programs - Fhj t.-es s M.F.T. MlT-A[-TR-294 

GoSdstein, !. -[1976) "Planning Paradigms - Knowledge far Organizing Models into Programs" MIT 
A! -'.VP- S 23 M.a r c -i 1576 


Green, C.C. el. al. (1974J "^rc-gress Report cm Program Under*" anding Sy terns* Stanford A1M-24B 
August i97A 

Green, C.s,. and BarstOw, D. 119751 A Hypothel cal Dialogue Fxh biting a Knowledge Base fo-r a 
Program Understanding System" Stun lord AIM-255 (STAN-CS-75-476) Jan. 1975 

Hammer, M., Howe, W. G, Kruskai, V. 1, and Wadaw&ky 1. (1975) "A Very High Uevel Programming 
-Language for Datu Process n S Application*" IBM research report RC-55&3 Vdrhlpwn lights N,¥. 

He wifi, C. and Smilh. B. (1575) "Towards a Programming Apprentice* J£EE Transactions on Software 
engineering Vse-I t±l pp. 2S-C.6 March 1975 

Hardy, £, (.9753 "Synthes* of LISP Functions from Examples", Fourth lote"nation Jo-ml Conference on 
A.L U.S.S.R. 


i-toare, C.A.R. (] 969) "Art Axiomatic iians. for CompLier Programming", CACM V12 *10 pp. 576-533 

Htoere, C.A.S. (1971) "Rrocecures and Parameters.: An Aromatic Approach - , Symoosia On the Semant c.& 
oLAlgonthmio Languages £. Engelsr ad. pp. 1 £2-13 6, Springer 

IQMI GH20-B235-4 (1970) "Sc entitle Suorouti^e Package Version. Ut Programmer"* Manual* While 
Pla.nB INLY, 


LishOv, B. (1974) "A Mote On CLLT ML].T, Compulation Structures Group Mom* 112 




Hithard C, Wafers 


74 


bibliography 


“•""UCrtr ]« < ^ 51 ' '*"™“** - «—*» «■ Pr^M. Synthesis* Artifioia, 

lh! F “" Ml tt,n ™"'* 6 ™ " P '«e™ 1 ' IBM research 
^‘C^r "‘ , “ , '°‘' ,li '' E PSCIS «• "» *■« LISP Theorem t>ro.er\ Aero* pipe reJ>#rl 

Ri ' h ' C M1 T d * 1 S .»^p H C ec U f S 7 S" Un “ Sr!,1 " di " S “** *-™~ ~ • **—. Apprehtie,- 
R'.H, “ ^tj^otw. HE. U97e> *[n.b.l report on « LESP Programmers Apprentice* NIT Masters Thesis. 

fiMlh, HR. (1970!) "Anelys.s of AlgOrilhm Implementations*MIT PhD Thesis. MIT WSC-TR-TSe Mey 1974 
(iS7£> Profosytem [. an Automatic Progremming System Prototype", M.I.T. LCS-TM-72 

LtSP es,moles', Fourth 

or the Purpose Of intentions 

Based Programming ano Validation uiing ACgiSS" Dec. iskT*' ^ Aul “’ >,m S Knowledge 
Sm'lh, ft_end hew,ft c. (1974) "Towards a Programming Ap Br entis," A1S8 summer tonference July 

Summers, P.D. (1975, -Program Donsirest.on from E»am.pl„-, PhD thesis T„, m* 

S “ S Tu'g^t' 1973 73 ” " A C °" But,,i ' , ' il UMEl 01 *» Acquisilicn* PhD. thesis M.LT. AI-TR-M7 

"“““'"e in Electronic C.rcuil Oesign" VIT 


Suzman, G.J. El 974) "the Virtues Nature of Bugs’ Proceeding of n^Jiren e 

i pp. 224-237 U of $ U5Ee)! En gJ,nd S ^ E ^ nmer < &nfefertI ^ July 

WSldi "^ 6 " d Uvi,l> ** * 1S74) **«< Htograms-. Artifieial tnfelligenoe VS, pp. 

‘“siGB-aGPLANInterim uLlfng, E ' rri " W '"" r ’ Pr<, «'dir 8 s ot the ACM 

Yon©i£wj, A Symbolic Evaluation n an Aid ; c Program Synthesis' MET AJ-WP‘1?4 April 197C 


